Re: [Openvas-discuss] False Positive detection for Moodle version

2018-07-26 Thread Antu Sanadi

Hello Tanner,

Thanks for reporting. Here we need to check read permission for the 'xml' file 
and version reliability on various versions. We will look into this and 
update the NVT.


Thanks,
Antu Sanadi

On Thursday 26 July 2018 10:13 PM, Tanner Posada wrote:


Hey Everyone,

I noticed a false positive for a Moodle security flaw where, after 
updating Moodle to the “fixed” version (in this case 3.5 to 3.5.1), it 
still detected Moodle as the previous version.


From what I understand it goes about this by reading from the 
/admin/environment.xml file.


Is it possible to improve the detection method to detect upgrades 
properly?


Thanks for any answers in advance,

Tanner



___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss



Re: [Openvas-discuss] Scanning for vulnerabilities in Oracle Database

2018-04-10 Thread Antu Sanadi

Hello,

This has nothing to do with the NVT. It looks like an issue with the server 
configuration.
Please google the exact error message along with the status code. You might find 
the solution for proper configuration.

If you don't find it, please send the exact error message with the 
error code.


Thanks,
Antu Sanadi


On Tuesday 10 April 2018 05:02 PM, Anantha Raghava wrote:


Hi,

Any specific configuration to be done to get OpenVAS scan Oracle for 
vulnerabilities. I am doing authenticated scan. Yet receiving "tns 
listner connection refused" error. I checked the NVT, but could get 
any idea as to why it is failing to scan. Oracle tns is listening on 
port 1521, but connection is refused. No information is revealed.


My OS Version is Windows Server 2008 R2.

--

Thanks & Regards,


Anantha Raghava



On 07/04/18 10:01 PM, Anantha Raghava wrote:

Hi,

Thanks for quick reply.

Yes, I am doing an authenticated scan. Yet, no information about 
Oracle is revealed, but for the "tns listener refused connection" error.


Thanks & Regards,
Anantha Raghava

On Sat 7 Apr, 2018, 9:57 PM Brandon Perry wrote:





On Apr 7, 2018, at 10:56 AM, Anantha Raghava wrote:

Hi,

I have been using OpenVAS vulnerability scanning for some time now.

I am trying to scan for Oracle Database on Windows to start with
for vulnerabilities. When I select Full & Fast scan config, I
receive report "Oracle tns lister refused connection" error. It
detects the ports properly, but Oracle tns listener refuses the
connection. I tried to create a new scan config, selected
Databases NVT. It resulted in 0 vulnerabilities whereas Oracle 11g
is running on the target host.

How do I scan Oracle for vulnerabilities? Can some one guide me
how to proceed further?



Chances are you want to do an authenticated scan on the machine
so that patch levels can be enumerated. Then you don’t have to
worry about connecting to Oracle at all.


--

Thanks & Regards,


Anantha Raghava


[Openvas-discuss] Microsoft releases update that fixes problematic Meltdown patch

2018-03-30 Thread Antu Sanadi

Hello All,

Microsoft today issued an emergency security update to correct a security 
update it issued earlier this month to correct a security update it issued 
in January and February.

In January and February, Microsoft released the fixes for Windows 7 and 
Server 2008 R2 machines for the Meltdown chip-level vulnerability in modern 
Intel x64 processors. Unfortunately, those patches allow normal applications 
and logged-in users to access and modify any part of physical RAM, and gain 
complete control.

If you're using Windows 7 or Server 2008 R2 and have applied Microsoft's 
Meltdown patches, you'll have to install today's out-of-band update 
(KB4100480) for CVE-2018-1038.

We have now created the NVT to detect this vulnerability (it will soon be 
updated into the feed). Please scan with the updated feed to detect the 
vulnerability; it is strongly recommended to apply security patches as soon 
as possible to stay secure.

Thanks,
Antu Sanadi



[Openvas-discuss] Drupal core - Highly critical - Remote Code Execution(Drupalgeddon2) Vulnerability

2018-03-29 Thread Antu Sanadi

Hello All,

Drupal has released patches for a highly critical vulnerability 
(SA-CORE-2018-002) for all supported and non-supported versions of Drupal 
CMS, and it has been assigned the CVE identifier CVE-2018-7600.

The vulnerability allows an attacker to execute arbitrary code in the main 
component of the system and intercept control of the site. The attacker does 
not need to register or authenticate to exploit the vulnerability. Drupal 
has named this vulnerability "Drupalgeddon2".

We have now created the NVTs to detect this vulnerability (they will soon be 
updated into the feed). Please scan with the updated feed to detect the 
vulnerability; it is strongly recommended to apply security patches as soon 
as possible to stay secure.

Thanks,
Antu Sanadi




Re: [Openvas-discuss] No Java detection during authenticated scan

2017-12-19 Thread Antu Sanadi

Hello,

Which Java version is installed? Just for testing, install the new 
version of Java and check. This might give you some hints, like whether it 
is really a problem with the obsolete version.


Thanks,
Antu Sanadi


On Tuesday 19 December 2017 04:01 PM, Joachim Trouverie wrote:

Hi,

I have a problem of Java version detection during authenticated scans 
on a Windows 7 machine. We have installed an obsolete Java version for 
test but there is no detection of it.


It seems OpenVAS authenticates correctly on the machine (there is a 
message in the result file confirming it). Unfortunately there is no 
information about Java software detection.


Could someone point me in the right direction to fix this ?

--
ITrust
Trouverie Joachim| Responsable IKare






Re: [Openvas-discuss] INTEL-SA-00086 not detected

2017-12-04 Thread Antu Sanadi

Hello,

It's a remote detection. Please make sure the server is listening ("Server: 
Intel(R) Con. Management Engine") on the HTTP port.


Thanks,
Antu Sanadi


On Monday 04 December 2017 10:51 PM, OpenVAS User wrote:

Hi,

I am trying to scan a Windows host that I know is vulnerable to 
*INTEL-SA-00086*

I saw this so I believe that the scan should give positive results:
https://vulners.com/openvas/OPENVAS:1361412562310812221
However, despite I am running the latest NVTs, I don't see the 
vulnerability trigger.

Any idea why?

Thanks in advance.



Re: [Openvas-discuss] CCleaner 5.33 Payload OpenVAS scanning yet?

2017-09-18 Thread Antu Sanadi

Hello,

We are already working on it. Very soon the NVTs will be updated in the feed.

Thanks,
Antu Sanadi



On Monday 18 September 2017 11:34 PM, Flamingo1 wrote:

Hi,
Is version 5.33 of CCleaner being scanned yet by OpenVas? I've heard 
around 2 Million users have been affected. I tried using the NVT Feed 
search on the OpenVAS site but, it redirected me to a greenbone log in 
and I don't have access to it even if I try logging in as a guest.


Thanks,
Flamingo





[Openvas-discuss] Adobe Fixes Critical Vulnerabilities

2017-08-11 Thread Antu Sanadi

Hello all,

Adobe has released four security updates for Adobe Flash Player (APSB17-23),
Adobe Experience Manager (APSB17-26), Adobe Acrobat and Reader (APSB17-24) and
Adobe Digital Editions (APSB17-27), which cover a total of 80 *CVEs*.

*Adobe Flash Player* updates address a critical type confusion vulnerability 
that could lead to code execution and an important security bypass 
vulnerability that could lead to information disclosure.

*Adobe Acrobat and Reader* updates address vulnerabilities rated Critical and 
Important that could potentially allow an attacker to take control of the 
affected system.

*Adobe Digital Editions* updates resolve a critical heap buffer overflow 
vulnerability that could lead to code execution, seven memory corruption 
vulnerabilities rated important that could lead to disclosure of memory 
addresses, and an XML external entity processing vulnerability rated critical 
that could lead to information disclosure.

*Adobe Experience Manager* updates resolve an important file type validation 
vulnerability and two moderate information disclosure vulnerabilities.

*Priority of Patch:*

*Product:* Adobe Flash Player
*Severity Rating:* Critical
*Impact:* Remote Code Execution

*Product:* Adobe Acrobat and Reader
*Severity Rating:* Critical
*Impact:* Remote Code Execution

*Product:* Adobe Digital Editions
*Severity Rating:* Critical
*Impact:* Memory Address Disclosure

We have now created the NVTs to detect all these vulnerabilities (they will 
soon be updated into the feed). Please scan with the updated feed to detect 
the vulnerabilities; it is strongly recommended to apply security patches as 
soon as possible to stay secure.

Thanks,
Antu Sanadi

[Openvas-discuss] Microsoft Fixes 48 Security Vulnerabilities (25-Critical, 21-Important, 02-Moderate)

2017-08-09 Thread Antu Sanadi

Hello All,

Microsoft has fixed *48* security vulnerabilities as part of the August 2017 
Patch Tuesday. Most of them allow *remote code execution*. According to 
severity, *25* are rated *Critical*, *21* are *Important* and *two* are 
*Moderate*.

These vulnerabilities impact all supported versions of *Microsoft's Windows 
operating systems* and the following software:
 - Internet Explorer,
 - Microsoft Edge,
 - Microsoft SharePoint,
 - Adobe Flash Player and
 - Microsoft SQL Server.

The most serious RCE vulnerability (*CVE-2017-8620*) is related to how 
*Windows Search* handles objects in memory. An attacker who successfully 
exploited this vulnerability could take control of the affected system.

A second RCE (rated important) is tied to *Windows Hyper-V* 
(*CVE-2017-8664*) and exists when a host server fails to properly validate 
input from an authenticated user on a guest operating system. An attacker 
who successfully exploited the vulnerability could execute arbitrary code on 
the host operating system.

Microsoft has also released critical security updates for the Adobe Flash 
Player for *Internet Explorer*, although Flash Player reaches EOL at the end 
of 2020.

We have now created the NVTs to detect all these vulnerabilities (they will 
soon be updated into the feed). Please scan with the updated feed to detect 
the vulnerabilities; it is strongly recommended to apply security patches as 
soon as possible to stay secure.

Thanks,
Antu Sanadi


Re: [Openvas-discuss] Eternalblue ms17-010 and windows 2003

2017-07-30 Thread Antu Sanadi
Hello, 

Microsoft has released a patch for non-supported platforms including Windows 
2003. The target machine might be a patched one.

Thanks,
Antu Sanadi
 


 Ali Khalfan wrote 


Re: [Openvas-discuss] gb_oracle_mysql_integer_overflow_vuln causes crash

2017-07-06 Thread Antu Sanadi

Hi,

We have tested this NVT on a few of the vulnerable setups and did not notice 
any crash; that is the reason the NVT got the script_category ACT_ATTACK 
instead of ACT_DENIAL.


However thanks for your observation and bringing it to our notice. Will 
have another look.


Regards,
Antu Sanadi


On Thursday 06 July 2017 10:29 PM, Dan ½ wrote:
This NVT is run as part of the "Full and fast" suite, which, as per my 
understanding, should not include any destructive tests (e.g. ones 
that cause crashes on the target server).


However, I am observing 100% reproducibility when running this NVT 
against my mysql instance, version 5.6.32. Additionally, it appears 
that the NVT is not expecting the endpoint to crash. As a result, even 
though the target service crashes, OpenVas does NOT report any 
vulnerability!


I just wanted to see if anyone else observed the same behavior, and if 
we can update the category on this NVT to prevent unexpected crashes 
on critical services.


Thanks!

Dan ½
PGP Key: 0x1EF05BE04E5674F9



Re: [Openvas-discuss] Mongoose Webserver False Positive

2017-06-06 Thread Antu Sanadi

Hi,

Please can you provide scan report?

Thanks,
Antu Sanadi

On Friday 02 June 2017 11:16 PM, SpamReporterz . wrote:

Hello,

The following OID is generating a false positive:

OID:1.3.6.1.4.1.25623.1.0.802139
Version:$Revision: 3100 $

Port 2869/tcp

The scanned system does not appear to have a webserver operating at 
all, nor does netstat show any processes listening on the designated 
port.


Please advise on additional data required.

Best Regards



Re: [Openvas-discuss] NVT selection

2017-05-23 Thread Antu Sanadi

Hello,

Yes, you can create your own scan config with selected NVTs and scan. 
Take a look at:

http://docs.greenbone.net/GSM-Manual/gos-3.1/en/scan_configuration.html?highlight=create%20scan%20config

Thanks,
Antu


On Tuesday 23 May 2017 08:49 PM, Atul Gupta wrote:


Hi Openvas'ers,

I want to know whether we can select the NVTs to use while running a scan.

What if I don't want to use all the NVTs in a scan type? Is there any 
way to select any specific NVT?



Regards,

Atul Gupta | Consultant


Re: [Openvas-discuss] omp --get-tasks

2017-05-17 Thread Antu Sanadi

Hi,

Have you tried restarting openvas services?

Make sure you do not have two services trying to bind to the same port 
and there is no conflict.
Generally "Failed to acquire socket" occurs when you are trying to bind 
the port which is already occupied.


And also run the openvas-check-setup script 
http://www.openvas.org/setup-and-start.html


Thanks,
Antu Sanadi



On Wednesday 17 May 2017 07:04 PM, Turner,Jonas wrote:


I had everything working great and I updated OpenVAS and apparently 
the omp CLI doesn’t work. I get the “Failed to acquire socket.” 
error. Any thoughts on getting this CLI to work again?



Re: [Openvas-discuss] Error while creating new scan config

2017-05-16 Thread Antu Sanadi

Hello,

Can you run "openvas-check-setup"? 
(http://www.openvas.org/setup-and-start.html)

It might give some hint.

Thanks,
Antu Sanadi


On Tuesday 16 May 2017 06:57 PM, Jan Schwarzkopf wrote:


Hi there,

while creating a new scan config over the GSA unfortunately I get an 
error:


An internal error occurred while creating a new config. It is unclear 
whether the config has been created or not. Diagnostics: Failure to 
receive response from manager daemon.


Output in openvasmd.log:

md manage:WARNING:2017-05-16 13h00.57 UTC:407: sql_prepare_internal: 
sqlite3_prepare failed: table config_preferences has no column named 
hr_name


md manage:WARNING:2017-05-16 13h00.57 UTC:407: sqlv: 
sql_prepare_internal failed


The problem occurs with a newly installed ubuntu 16.04 lxc container 
as well as in our production environment. Both are running with Ubuntu 
16.04 and the official PPA


mrazavi/openvas 
<https://launchpad.net/%7Emrazavi/+archive/ubuntu/openvas>.


Do you have any idea how I could fix this error?

Best Regards

Jan




[Openvas-discuss] WannaCry Ransomware detection.

2017-05-15 Thread Antu Sanadi

Hello all,

The critical WannaCry ransomware is spreading very fast. We already have 
detection NVTs for this, local and remote:

 - gb_ms17-010.nasl (credentials check)
 - gb_ms17-010_remote.nasl (non-credential)

Please scan with these NVTs and make sure you are not affected, and let us 
know if you need any help on this.


Thanks,
Antu Sanadi



Re: [Openvas-discuss] How detect WannaCry with OpenVAS Version 6.0.6

2017-05-14 Thread Antu Sanadi

Hi,


On Sunday 14 May 2017 02:57 AM, William Coquelin wrote:
I think the easiest way is to look for these cve 
vulnerabilities: CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, 
CVE-2017-0146, CVE-2017-0147, CVE-2017-0148 in your results.


Make sure your feed is updated. But if there is a way to scan only for 
that, I'm not sure.

You scan for this by selecting only gb_ms17-010.nasl and 
gb_ms17-010_remote.nasl.


Thanks,
Antu Sanadi




Bill




 Original message 
From: ZAKAN Security 
Date: 5/13/17 3:55 PM (GMT-05:00)
To: 'zen works' , 
openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] How detect WannaCry with OpenVAS 
Version 6.0.6


Hello

Good question! I don’t know either.

Regards,

*---*

*K. BEKKOUCHE*


*From:* Openvas-discuss 
[mailto:openvas-discuss-boun...@wald.intevation.org] *On behalf of* 
zen works

*Sent:* Saturday 13 May 2017 19:49
*To:* openvas-discuss@wald.intevation.org
*Subject:* [Openvas-discuss] How detect WannaCry with OpenVAS Version 6.0.6

Dear all,

I'm a novice regarding OpenVAS.

I am trying to understand how to create a scan to detect the SMB vulnerability 
MS17-010 (WannaCry).


If it's possible, could you tell me step by step how to perform this scan?

I'm using OpenVAS Version 6.0.6

Thanks in advance,

Zenworld




Re: [Openvas-discuss] How detect WannaCry with OpenVAS Version 6.0.6

2017-05-14 Thread Antu Sanadi

Hello,

There are 2 NVTs presently available in the feed to detect WannaCry:
- gb_ms17-010.nasl and
- gb_ms17-010_remote.nasl

Please select them and do the scan; it will detect WannaCry.

Thanks,
Antu Sanadi



On Sunday 14 May 2017 01:25 AM, ZAKAN Security wrote:


Hello

Good question! I don’t know either.

Regards,

*---*

*K. BEKKOUCHE*


*From:* Openvas-discuss 
[mailto:openvas-discuss-boun...@wald.intevation.org] *On behalf of* 
zen works

*Sent:* Saturday 13 May 2017 19:49
*To:* openvas-discuss@wald.intevation.org
*Subject:* [Openvas-discuss] How detect WannaCry with OpenVAS Version 6.0.6

Dear all,

I'm a novice regarding OpenVAS.

I am trying to understand how to create a scan to detect the SMB vulnerability 
MS17-010 (WannaCry).


If it's possible, could you tell me step by step how to perform this scan?

I'm using OpenVAS Version 6.0.6

Thanks in advance,

Zenworld




Re: [Openvas-discuss] "Failed to acquire socket" after yum update.

2017-05-05 Thread Antu Sanadi

Hi,

Restarting all OpenVAS instances (scanner, manager, etc.) and
rebuilding (openvasmd --rebuild) should fix the issue.

Thanks,
Antu Sanadi

On Thursday 04 May 2017 07:33 PM, Mathew Shires wrote:
I installed OpenVAS via the Atomic repo on CentOS 7 a few months ago 
and it worked perfectly, recently however I ran "yum update" and now 
it no longer works.
Any attempts to use omp or openvas-cli gives the response "Failed to 
acquire socket."

WARNING: Verbose mode may reveal passwords!

Will try to connect to host 127.0.0.1, port 9390...

(omp:1198): lib  serv-WARNING **: Failed to connect to server
Failed to acquire socket.


systemctl status shows that the openvas-manager and openvas-scanner 
services are running
openvas-check-setup says "ERROR: OpenVAS Scanner too old or too new: 
5.1.1"


Installed packages

openvas-smb-1.0.1-0.2.el7.art.x86_64
openvas-cli-1.4.5-1293.el7.art.x86_64
openvas-manager-7.0.1-1230.el7.art.x86_64
openvas-scanner-5.1.1-25.el7.art.x86_64
openvas-9.0.0-1244.el7.art.noarch
openvas-libraries-9.0.1-25.el7.art.x86_64


--

Mathew Shires

--


Re: [Openvas-discuss] OpenVAS NVT Feed Issues

2017-04-26 Thread Antu Sanadi

Hi,


Looks like your "openvasmd --rebuild" is failing. Please run

openvasmd --rebuild --progress

and check the result. Also run

sqlite3 /usr/local/var/lib/openvas/mgr/tasks.db "select count(*) from nvts;"

and let me know the result.


Thanks,
Antu Sanadi

On Wednesday 26 April 2017 02:02 AM, Sumner Meckel wrote:



Hello,

I keep receiving an error where the setup log indicates that I have an 
NVT feed with not enough samples in it, so the setup is not complete.  
I have run the certificate checks, the openvasmd --rebuild command, 
and I have used the openvas-nvt-sync command successfully, but none of 
these fix the issue.  My database seems out of date (4/11/7017) by 
about two weeks, but the NVT sync feed says that all is accounted for 
and that the sync is up to date.  The setup  check script has been 
helpful, but now I'm stuck and I'm not sure how to get the NVT feed to 
register.  I also tried downloading the latest NVT compilation from 
the link on the openvas.org/openvas-nvt-feed web page, but no luck.






Re: [Openvas-discuss] Windows Event ID 4009

2017-04-26 Thread Antu Sanadi

Hi,


On Tuesday 25 April 2017 07:17 PM, Ben Langrill wrote:

Hello,

The default 'full and fast' profile is triggering Windows Event ID 
4009 on a number of Windows print servers. 
(https://technet.microsoft.com/en-us/library/cc773970.aspx) The event 
description is a variant of: "Printer \\\ specified in 
the request from  does not exist: request ignored."  This 
event ID is unfortunately tied to an auto ticket generation workflow 
so this has caused some issues.


Is there a way to determine specifically which NVT is responsible? I 
don't see any obvious options or NVTs related to it but suspect it has 
something to do with SMB resource enumeration.


  Take a look at find_service.nasl, find_service1.nasl, 
find_service2.nasl and their dependencies.

  These are the NVTs primarily responsible for detecting servers/services.

 Thanks,
 Antu Sanadi



Thanks for any help!
Ben



Re: [Openvas-discuss] gb_office_suite_ms15-081.nasl

2017-03-31 Thread Antu Sanadi

Hi,

Yes, you are correct. Fixed the issue and it will reflect into the next 
OpenVAS updated feed.


Thanks,
Antu Sanadi

On Thursday 30 March 2017 06:49 PM, Antu Sanadi wrote:


Hello,

Thanks for reporting. Let me have a look at this.

Thanks,
Antu Sanadi



On Thursday 30 March 2017 05:30 PM, Roger Davies wrote:

Hi

I've just noticed that the 2015/gb_office_suite_ms15-081.nasl script 
is referencing the incorrect file version format for vbe7.dll.


The line in question is line 176:-
 version_in_range(version:vbVer, test_version:"7.0", test_version2:"7.00.1636"))


and this I believe should be:-
 version_in_range(version:vbVer, test_version:"7.0", test_version2:"7.0.16.36"))


Thanks

Roger
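
Added example, not part of the thread and not the OpenVAS feed's code: a sketch of why the two upper bounds quoted above classify vbe7.dll versions differently. The comparison here is a generic component-wise numeric one (an assumption, not NASL's own `version_in_range` implementation), and the sample file versions are constructed.

```python
from itertools import zip_longest

LOWER = "7.0"
REPORTED_UPPER = "7.00.1636"  # upper bound quoted from line 176 in the post
PROPOSED_UPPER = "7.0.16.36"  # upper bound proposed in the post

# Constructed vbe7.dll-style file versions in four-part a.b.c.d form.
SAMPLES = ["7.0.16.35", "7.0.16.36", "7.0.16.37", "7.0.17.0", "7.1.0.0"]


def parts(version):
    """Split a dotted version into integer components ("00" becomes 0)."""
    return [int(p) for p in version.split(".")]


def compare(a, b):
    """Return -1, 0 or 1; missing trailing components count as 0."""
    for x, y in zip_longest(parts(a), parts(b), fillvalue=0):
        if x != y:
            return -1 if x < y else 1
    return 0


def in_range(version, low, high):
    """Inclusive range test, the role version_in_range plays in the script."""
    return compare(version, low) >= 0 and compare(version, high) <= 0


def disagreements(samples):
    """Versions that the two upper bounds classify differently."""
    return [v for v in samples
            if in_range(v, LOWER, REPORTED_UPPER)
            != in_range(v, LOWER, PROPOSED_UPPER)]


def bound_shape_issues(bound, observed):
    """Lint a bound against the shape of a version read from the target."""
    issues = []
    if len(bound.split(".")) != len(observed.split(".")):
        issues.append("component-count")
    if any(len(p) > 1 and p.startswith("0") for p in bound.split(".")):
        issues.append("leading-zero")
    return issues


if __name__ == "__main__":
    for v in SAMPLES:
        print(v,
              in_range(v, LOWER, REPORTED_UPPER),
              in_range(v, LOWER, PROPOSED_UPPER))
    print("classified differently:", disagreements(SAMPLES))
    print("lint:", bound_shape_issues(REPORTED_UPPER, SAMPLES[0]))
```

Under this comparison the three-part bound reads its third component as 1636, so every 7.0.x build with x below 1636 stays inside the range, including builds above 7.0.16.36.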




Re: [Openvas-discuss] gb_office_suite_ms15-081.nasl

2017-03-30 Thread Antu Sanadi

Hello,

Thanks for reporting. Let me have a look at this.

Thanks,
Antu Sanadi



On Thursday 30 March 2017 05:30 PM, Roger Davies wrote:

Hi

I've just noticed that the 2015/gb_office_suite_ms15-081.nasl script 
is referencing the incorrect file version format for vbe7.dll.


The line in question is line 176:-
 version_in_range(version:vbVer, test_version:"7.0", test_version2:"7.00.1636"))


and this I believe should be:-
 version_in_range(version:vbVer, test_version:"7.0", test_version2:"7.0.16.36"))


Thanks

Roger




Re: [Openvas-discuss] CVE-2017-5638

2017-03-17 Thread Antu Sanadi

Hi,

The NVT (gb_apache_struts_CVE_2017_5638.nasl) is already available in the 
OpenVAS feed.

It should detect the mentioned CVE vulnerability.

Thanks
Antu Sanadi

On Wednesday 15 March 2017 09:49 PM, Ebert, Christian wrote:


Hi everyone,

is there any possibility to use OpenVAS to check against the Apache 
Struts2 vulnerability CVE-2017-5638?


There is an NMAP NSE: 
https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html


Does anybody have experience with this NSE? Is it reliable?

Best regards

Christian Ebert




Re: [Openvas-discuss] Solaris10 report pam_krb5

2017-03-06 Thread Antu Sanadi

Hello,

Can you provide the details about the NVT name/ID which is reporting this?

Thanks,
Antu Sanadi



On Monday 06 March 2017 02:34 PM, ervingo wrote:

Hi,

This is from the OpenVAS report:
Vulnerability: Solaris Update for pam_krb5.so.1 140130-09 / Severity 
10.0 (High)


Where 140130-09 is the patch number. However, when I checked it on the 
system in Solaris


solaris# showrev -p | grep 140130-09
Patch: 141501-03 Obsoletes: 125168-01, 138292-01, 138372-06, 
139479-01, 140130-09 Requires: 118855-36, 120012-14, 127128-11, 
137138-09 Incompatibles:  Packages: SUNWgssk, SUNWcslr, SUNWspnego, 
SUNWkdcu, SUNWkrbu, SUNWgssc, SUNWgss, SUNWkrbr, SUNWhea


It seems the patch is installed. Patch 140130-09 is included with the 
patch 141501-03 in context Obsoletes.


Kernel architecture: i86pc
Application architecture: i386
Kernel version: SunOS 5.10 Generic_142901-03

Is this a bug or something mismatched?
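
A check that treats the Obsoletes field of `showrev -p` as evidence of installation, as the message above reasons, could look like this. This is an added example, not the NVT's code: the first sample line is the output quoted above with the mail wrapping removed, the second is constructed, and it assumes a higher revision of the same base patch covers a lower one.

```python
import re

# Matches the start of one `showrev -p` record up to the Requires field.
_LINE = re.compile(
    r"^Patch:\s*(?P<patch>\S+)\s+Obsoletes:\s*(?P<obsoletes>.*?)\s*Requires:"
)
_ID = re.compile(r"([0-9]+)-([0-9]+)")

SAMPLE = "\n".join([
    # From the message above, re-joined onto one line.
    "Patch: 141501-03 Obsoletes: 125168-01, 138292-01, 138372-06, "
    "139479-01, 140130-09 Requires: 118855-36, 120012-14, 127128-11, "
    "137138-09 Incompatibles:  Packages: SUNWgssk, SUNWcslr, SUNWspnego, "
    "SUNWkdcu, SUNWkrbu, SUNWgssc, SUNWgss, SUNWkrbr, SUNWhea",
    # Constructed line: a patch that obsoletes nothing.
    "Patch: 118855-36 Obsoletes:  Requires: 118833-36 Incompatibles:  "
    "Packages: SUNWcsr",
])


def _parse_id(text):
    """'140130-09' -> ('140130', 9); None if the text is not a patch ID."""
    m = _ID.fullmatch(text.strip())
    return (m.group(1), int(m.group(2))) if m else None


def parse_showrev(output):
    """Return [(patch_id, [obsoleted_ids])] for every record in the output."""
    records = []
    for line in output.splitlines():
        m = _LINE.match(line.strip())
        if m:
            obsoleted = [p.strip() for p in m.group("obsoletes").split(",") if p.strip()]
            records.append((m.group("patch"), obsoleted))
    return records


def _covers(candidate, base, rev):
    parsed = _parse_id(candidate)
    return parsed is not None and parsed[0] == base and parsed[1] >= rev


def patch_status(required, output):
    """Return ('installed'|'obsoleted-by'|'missing', providing_patch_or_None)."""
    req = _parse_id(required)
    if req is None:
        raise ValueError(f"not a patch ID: {required!r}")
    records = parse_showrev(output)
    for patch, _ in records:
        if _covers(patch, *req):
            return ("installed", patch)
    for patch, obsoleted in records:
        if any(_covers(o, *req) for o in obsoleted):
            return ("obsoleted-by", patch)
    return ("missing", None)


if __name__ == "__main__":
    for wanted in ("140130-09", "141501-03", "140130-10"):
        print(wanted, patch_status(wanted, SAMPLE))
```

A check that only looks at the `Patch:` field reports 140130-09 as missing on this host; the obsoletes-aware lookup attributes it to 141501-03.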



Re: [Openvas-discuss] FP: Hillstone Software TFTP Write/Read Request Server Denial Of Service

2017-03-02 Thread Antu Sanadi

Hi,

Thanks for reporting. Let me have a look.

Thanks,
Antu Sanadi


On Thursday 02 March 2017 08:55 PM, Reindl Harald wrote:
well, i honestly doubt that on our reverse-proxy something is 
listening on UDP ports at all..

___

Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:80       0.0.0.0:*        LISTEN  20065/traffic_manag
tcp        0      0 127.0.0.1:8083   0.0.0.0:*        LISTEN  20065/traffic_manag
tcp        0      0 127.0.0.1:8084   0.0.0.0:*        LISTEN  20072/traffic_serve
tcp        0      0 127.0.0.1:53     0.0.0.0:*        LISTEN  811/dnsmasq
tcp        0      0 0.0.0.0:443      0.0.0.0:*        LISTEN  20065/traffic_manag
tcp        0      0 0.0.0.0:10022    0.0.0.0:*        LISTEN  17385/sshd
udp        0      0 127.0.0.1:53     0.0.0.0:*                811/dnsmasq
___

Hillstone Software TFTP Write/Read Request Server Denial Of Service 
Vulnerability WillNotFix

5.0 (Medium)
99% 10.0.0.4 69/udp
Add Note
Add Override
Summary

This host is running Hillstone Software TFTP Server and is prone to 
denial of service vulnerability.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection 
Method.

Impact

Successful exploitation will allow attacker to crash the server 
process, resulting in a denial-of-service condition.


Impact Level: Application
Solution

Solution type: WillNotFix WillNotFix

No solution or patch was made available for at least one year since 
disclosure of this vulnerability. Likely none will be provided 
anymore. General solution options are to upgrade to a newer release, 
disable respective features, remove the product or replace the product 
by another one.

Affected Software/OS

Hillstone Software HS TFTP version 1.3.2
Vulnerability Insight

The flaw is caused by an error when processing TFTP write and read 
requests, which can be exploited to crash the server via a specially 
crafted request sent to UDP port 69.

Vulnerability Detection Method

Details: Hillstone Software TFTP Write/Read Request Server Denial Of 
Service Vulnerabili... (OID: 1.3.6.1.4.1.25623.1.0.802406)


Version used: $Revision: 3117 $
References

CVE: CVE-2011-4720
BID: 50886
Other: http://secpod.org/blog/?p=419
http://packetstormsecurity.org/files/107468/hillstone-dos.txt
http://secpod.org/advisories/SecPod_Hillstone_Software_HS_TFTP_Server_DoS.txt 



Re: [Openvas-discuss] Newbie CLI question

2017-03-02 Thread Antu Sanadi

Hi,

Please go through the links below; they might help you.

http://www.openvas.org/openvas-cr-28.html
http://www.openvas.org/protocol-doc.html
https://elastic-security.com/2013/07/18/automation-of-vulnerability-assessments-with-openvas/

Thanks,
Antu Sanadi



On Thursday 02 March 2017 01:23 PM, Dragonmaw wrote:

Hello,
I have been looking through the (rather obscure) openvas 
documentation, but nowhere can I find a remedy to my problem: I want 
to scan a specific host, using a specific NVT from the command line 
using omp. How can I do that?


Thank you very much!
Enrico


Re: [Openvas-discuss] openvas needs time to load nvts

2017-01-05 Thread Antu Sanadi

Hi,

It looks like the OpenVAS manager stopped in between. Start the manager 
and try again.
If all NVTs are loaded, it will show that all NVTs are loaded. To see 
the loading status, run


#openvassd  -f

It will take around 3-5 minutes to load all NVTs.

Thanks,
Antu Sanadi

On Thursday 05 January 2017 12:55 PM, Shreyas M R wrote:

Hi,

I want to know whether there is any way to check whether all NVTs are loaded 
into OpenVAS. That is, when you start the OpenVAS GUI and start a scan 
immediately, it won't start and it will tell *error 503 omp service 
down* and *some nvt/total nvt loaded (like this 58421/65741)*

Thanks
--

Shreyas M R
http://about.me/shreyasmrs


Re: [Openvas-discuss] PDF report stuck

2016-11-21 Thread Antu Sanadi

Hello Abel,

To be more specific, you can get it from the command-line interface (CLI): 
http://www.openvas.org/install-source.html and, after installing, run 
# omp --help  for more details.


-Antu

On Monday 21 November 2016 03:12 AM, Fábio Fernandes wrote:


That seems like a huge report. Try to get it through the manager API.

Fabio

On 20/11/2016, at 08:33, Abel Browarnik wrote:


Hi,
I have run a scan for a bunch of endpoints. The result seems to be 
quite big. As a result (I guess) when I ask to download a pdf report 
I see the browser stuck and no report is obtained. How can I obtain 
it, even manually?

The XML file is 24.8 MB. Maybe this gives a clue…
Thank you in advance
Abel

Re: [Openvas-discuss] Can't edit one single port list

2016-11-20 Thread Antu Sanadi

Hi,


On Saturday 19 November 2016 01:34 AM, fschnit...@execulink.com wrote:

Hello,

Trying to edit any of the included port lists and can't. I have two 
users, admin and another one. I have deleted all reports, tasks, etc, 
and changed targets to not point to the port list I want to edit.


None of my port lists show the wrench as either my admin or other 
user. If I click on the "All IANA assigned TCP 2012-02-10" port list, 
I do not have the option to edit it and at the bottom it says: "Targets 
using this Port List: None."


If I create a new port list, I can edit that one, and Targets don't 
let you add more than one port list.


 While creating a port list you can select the port range, or create a port 
list file and import it.
 For example T:1-3,U:7,9-11 defines the TCP ports 1, 2 and 3, and the 
UDP ports 7, 9, 10 and 11.


 I did not understand what the scenario is and where more than one port 
list is required.


- Antu



Thanks in advance,

Ted
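
The port-range notation from the reply above (T:1-3,U:7,9-11) can be validated and normalised before it is imported as a port list. This is an added example, not OpenVAS code: the function names are hypothetical, and treating entries before any T:/U: prefix as TCP is an assumption.

```python
import re

_ITEM = re.compile(r"([0-9]+)(?:-([0-9]+))?")


def parse_port_list(spec):
    """Expand a 'T:1-3,U:7,9-11' style string into sorted TCP and UDP port lists."""
    ports = {"tcp": set(), "udp": set()}
    proto = "tcp"  # assumption: entries before any prefix are TCP
    for raw in spec.split(","):
        item = raw.strip()
        # A T: or U: prefix switches the protocol for this and following entries.
        if item[:2].upper() in ("T:", "U:"):
            proto = "tcp" if item[:2].upper() == "T:" else "udp"
            item = item[2:].strip()
        m = _ITEM.fullmatch(item)
        if not m:
            raise ValueError(f"malformed entry: {raw!r}")
        low = int(m.group(1))
        high = int(m.group(2)) if m.group(2) else low
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"port range out of bounds or reversed: {raw!r}")
        ports[proto].update(range(low, high + 1))
    return {name: sorted(values) for name, values in ports.items()}


def _ranges(sorted_ports):
    """Collapse [7, 9, 10, 11] into '7,9-11'."""
    runs = []
    for port in sorted_ports:
        if runs and port == runs[-1][1] + 1:
            runs[-1][1] = port
        else:
            runs.append([port, port])
    return ",".join(str(a) if a == b else f"{a}-{b}" for a, b in runs)


def to_spec(ports):
    """Write parsed ports back in canonical form, TCP first."""
    parts = []
    if ports["tcp"]:
        parts.append("T:" + _ranges(ports["tcp"]))
    if ports["udp"]:
        parts.append("U:" + _ranges(ports["udp"]))
    return ",".join(parts)


if __name__ == "__main__":
    parsed = parse_port_list("T:1-3,U:7,9-11")
    print(parsed)           # the example string from the reply above
    print(to_spec(parsed))  # round-trips to the same string
```

Parsing first makes it easy to confirm that a custom list actually covers the UDP ports a target is expected to expose before a scan is scheduled.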





Re: [Openvas-discuss] Need Help to install openvas on ubuntu 14.04.

2016-11-20 Thread Antu Sanadi



On Friday 18 November 2016 08:23 PM, Katakam Ravi wrote:

Hi Benjamin,

Thanks for the suggestion!.

*1. I am following the URL below to set up OpenVAS.*

http://pentestit.de/openvas-9-auf-ubuntu-14-04-lts-installieren/

*2. Now stuck with the issue below.*

root@ubuntu:/home/admin-nfv# sudo openvas-scapdata-sync
sudo: openvas-scapdata-sync: command not found

  Hello Ravi,

  Try to run:
  #greenbone-scapdata-sync


*3. Used the command below to find the issue, got the output below. Please 
give me a hint to get out of this issue.*



root@ubuntu:/home/admin-nfv# ./openvas-check-setup --v9
openvas-check-setup 2.3.6
  Test completeness and readiness of OpenVAS-9

Please report us any non-detected problems and
  help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss

  Send us the log-file (/tmp/openvas-check-setup.log) to help analyze 
the problem.


  Use the parameter --server to skip checks for client tools
  like GSD and OpenVAS-CLI.

Step 1: Checking OpenVAS Scanner ...
  OK: OpenVAS Scanner is present in version 5.1+beta3.
  OK: redis-server is present in version v=2.8.4.
  OK: scanner (kb_location setting) is configured properly using the 
redis-server socket: /var/run/redis/redis.sock
  OK: redis-server is running and listening on socket: 
/var/run/redis/redis.sock.

  OK: redis-server configuration is OK and redis-server is running.
  OK: NVT collection in /var/lib/openvas/plugins contains 50315 NVTs.
  WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner.
  SUGGEST: Enable signature checking (see 
http://www.openvas.org/trusted-nvts.html).
  OK: The NVT cache in /var/cache/openvas contains 50315 files for 
50315 NVTs.

Step 2: Checking OpenVAS Manager ...
  ERROR: OpenVAS Manager too old or too new: 6.1+beta3


  It's clear from the log message that you have an older version of 
OpenVAS-Manager and it is not compatible with V9.

  Run the below command and check which version you have.
#openvasmd --version

  - Antu


  FIX: Please install OpenVAS Manager 7.0.
  HINT: Please see the --v6/7/8/9 command line options to check other 
major versions.


 ERROR: Your OpenVAS-9 installation is not yet complete!

Please follow the instructions marked with FIX above and run this
script again.

If you think this result is wrong, please report your observation
and help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Please attach the log-file (/tmp/openvas-check-setup.log) to help us 
analyze the problem.



Thanks & Regards,
Ravi.

-"LeBlanc Benjamin-Hugo (EXT)" wrote: -

To: Katakam Ravi
From: "LeBlanc Benjamin-Hugo (EXT)"
Date: 11/17/2016 08:48PM
Cc: "openvas-discuss@wald.intevation.org"
Subject: RE: [Openvas-discuss] Need Help to install openvas on ubuntu 
14.04.

Ravi,

First, ping feed.openvas.org to check if the packets go through.

Then, make sure your firewall has port tcp 873 enabled. This should be 
pretty easy to troubleshoot.


True, you can download the full packets, but that will be a hassle 
over time.


Benjamin-Hugo LeBlanc

*From:* Katakam Ravi [mailto:katakam.r...@tcs.com]
*Sent:* 17 November 2016 09:43
*To:* LeBlanc Benjamin-Hugo (EXT)
*Cc:* openvas-discuss@wald.intevation.org
*Subject:* RE: [Openvas-discuss] Need Help to install openvas on ubuntu 
14.04.


Hi  Benjamin,

Thanks for the information! I followed the same steps previously 
(https://launchpad.net/~mrazavi/+archive/ubuntu/openvas).


I was able to solve the key issues, and used the steps below to solve them.

gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv 4AA450E0

gpg --export --armor 4AA450E0 | sudo apt-key add -

*Now facing a new issue: unable to run sudo openvas-nvt-sync, 
because of an issue with telnet feed.openvas.org 873.*


*Using wget I got openvas-nvt-feed-current.tar.bz2. I am stuck; 
please suggest what I have to do next.*



Thanks & Regards,

Ravi.


-"LeBlanc Benjamin-Hugo (EXT)" wrote: -

To: Katakam Ravi <katakam.r...@tcs.com>, 
"openvas-discuss@wald.intevation.org"
From: "LeBlanc Benjamin-Hugo (EXT)"
Date: 11/17/2016 07:39PM
Subject: RE: [Openvas-discuss] Need Help to install openvas on ubuntu 
14.04.


Ravi,

Did you do an apt-get update after adding the repo? These commands 
work fine with a fresh installation of Ubuntu Server 16.04, and so 
should work also with Ubuntu 14.04 :


sudo add-apt-repository ppa:mrazavi/openvas

sudo apt-get update

sudo apt-get install openvas #installs openvas-8 (otherwise use "openvas9")

sudo apt-get install sqlite3

sudo openvas-nvt-sync

sudo openvas-scapdata-sync

sudo openvas-certdata-sync

sudo service openvas-scanner restart

sudo service openvas-man

Re: [Openvas-discuss] Windows SBS2011 and CVE-2014-1812

2016-09-27 Thread Antu Sanadi

Hi,

The NVT is handling it perfectly. Maybe there are some other issues. Are you 
able to log in to the target machine? Also make sure the "RemoteRegistry" 
service is running.

Thanks,
Antu Sanadi.


On Friday 23 September 2016 05:17 PM, Chris Bridges wrote:

Hi.

Running OV8 on Ubuntu from M.Ravazi PPA, and everything seems to work well, but 
there are definitely some CVEs that are definitely a problem on the Windows 
SBS2011 server, but are not being picked up on Openvas.

The specifics are that CVE-2014-1812 requires the gppref.dll to be between 
6.1.7601.22000 -> 22604 (for server 2008 R2), which is what SBS2011 is built on.
The actual file version of gppref.dll on the machine is 6.1.7601.17514 (i.e. 
should be reporting this as a problem)

My Scan config is
Network Vulnerability Test Families :
Windows : all selected
Windows : Microsoft Bulletins : all selected, and 'Microsoft Group Policy 
Preferences Privilege Elevation Vulnerability (2962486)' is located in this 
list.

This is an authenticated scan with a valid domain account, and the 'Login 
configurations' - NTLMSSP - yes

The Actual reported operating system version is
OS Name:   Microsoft Windows® Small Business Server 2011 
Standard
OS Version:6.1.7601 Service Pack 1 Build 7601

Does anyone have any thoughts as to why this is not being picked up, or is 
there something I have not selected ?

Many Thanks
Chris



Re: [Openvas-discuss] SMB Brute Force Logins With Default Credentials

2016-09-01 Thread Antu Sanadi

Hi,

Fixed the issue; the updated NVT will be available in the coming OpenVAS feed.

Thanks for reporting!

Regards,
Antu Sanadi

On Thursday 01 September 2016 01:17 PM, Schwarz Stefan wrote:

Helmut,

I have an open support-ticket on that issue. There was a fix on that NVT
some weeks before, but now it seems to me that this is only related to SMB
on Linux. It seems to be fixed on Windows-machines. It shouldn't be a
vulnerability at all.

Stefan
  


-Original Message-
From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On
Behalf Of Helmut Koers
Sent: Thursday, 1 September 2016 08:58
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] SMB Brute Force Logins With Default Credentials

A recent scan shows a lot of "SMB Brute Force Logins With Default
Credentials" on a single host. The details is always "It was possible to
login with the following credentials via the SMB protocol.
:" with different user/password combinations.

The related host seems to have guest sessions with any credentials allowed.

Is it supposed to result in multiple vulnerabilities, or shouldn't this just
result in one vulnerability?

Thanks,
Helmut



Re: [Openvas-discuss] Apache v2.2.10 multiple vulnerabilities

2016-05-19 Thread Antu Sanadi

Hello,

Looks like these are vulnerable only on Linux platform. We have many 
NVTs for Linux.



Thanks,
Antu Sanadi

On Thursday 19 May 2016 10:38 AM, flymolon wrote:
As listed on this page 
http://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-66/version_id-77223/Apache-Http-Server-2.2.10.html,
multiple vulnerabilities affect apache v2.2.10.
I installed an apache v2.2.10 on windows 7,
but many of them such as CVE-2014-0231, CVE-2014-0098 and 
CVE-2013-1862 are not reported. Are they false positives on windows?



flymolon



Re: [Openvas-discuss] Reg MySQL Vulnerability

2016-05-13 Thread Antu Sanadi

Hi,

Fixed the issue in the next updated OpenVAS feed.

Thanks,
Antu Sanadi

On Friday 13 May 2016 03:53 PM, Antu Sanadi wrote:

Hi,

Thanks for reporting. We are able to reproduce the issue. Looks like 
it's a false detection.

We will update the plugin.

Thanks,
Antu Sanadi



On Wednesday 11 May 2016 04:55 PM, Sai Ravi wrote:

Hi Team
 We did a vulnerability scan to our My SQL Database servers and 
encountered the below vulnerability.


MySQL Authentication Error Message User Enumeration Vulnerability 


As mentioned in the solution, we updated our MY SQL servers to the latest 
version 5.6.27. But the mentioned vulnerability is still getting reported.


NOTE : It was also confirmed by Oracle support team that no 
vulnerability exists in version 5.6.27



Kindly do let us know how we can proceed further to provide a closure.




Re: [Openvas-discuss] Reg MySQL Vulnerability

2016-05-13 Thread Antu Sanadi

Hi,

Thanks for reporting. We are able to reproduce the issue. Looks like 
it's a false detection.

We will update the plugin.

Thanks,
Antu Sanadi



On Wednesday 11 May 2016 04:55 PM, Sai Ravi wrote:

Hi Team
   We did a vulnerability scan to our My SQL Database 
servers and encountered the below vulnerability.


MySQL Authentication Error Message User Enumeration Vulnerability 


As mentioned in the solution, we updated our MY SQL servers to the latest 
version 5.6.27. But the mentioned vulnerability is still getting reported.


NOTE : It was also confirmed by Oracle support team that no 
vulnerability exists in version 5.6.27



Kindly do let us know how we can proceed further to provide a closure.




Re: [Openvas-discuss] Openvas Reloaded all the NVTs issue

2016-02-12 Thread Antu Sanadi

Hello,

Kill all the OpenVAS instances (processes), run "openvas-nvt-sync" and
start all OpenVAS services again. This should fix the issue.

Thanks,
Antu


On Thursday 11 February 2016 03:00 AM, Tom Hangstin wrote:

Hello all,
First I want to say I love OpenVAS! I was using Openvas on Kali 2 
without issue for a while. Last night I had to force stop a scan in 
progress. First I hit the stop button in the gsad UI but after an hour 
I had to shut it down using "openvas-stop" from the command line. Now 
after bringing the system back online I can't start a scan from the 
gsad UI and "ps aux|grep openvas" returns "openvassd: Reloaded all the 
NVTs" instead of waiting for connections. Did something get corrupted 
when the forced shutdown happened? Any ideas on how to fix this?


Thank you!



Re: [Openvas-discuss] Scanner loading: 43450 / 45616 nvts

2016-02-11 Thread Antu Sanadi

Hi,

You need to create an administrator user with the --create-user option of
"openvasmd":

$ openvasmd --create-user=myuser

The new user's password is printed on success.

An administrator user can later create further users or
administrators via clients like the Greenbone Security Assistant (GSA).

Also, the new user can change her password via GSA.

For more, please refer to the INSTALL file from openvas-manager-6.0.7.

Thanks,
Antu

On Tuesday 09 February 2016 10:18 PM, SaiKrishna Katta wrote:


Hi All,

For a week and a half, I have been trying to search the internet for a fix 
to the error below.


I installed openvas on Kali Linux and noticed that scans are getting 
hanged.

For that I tried

#openvas-setup

 And NVT is getting updated and hangs here. Not sure what is happening.



md   otp-Message: Scanner loading: 42600 / 45616 nvts.
md   otp-Message: Scanner loading: 43450 / 45616 nvts.
md   otp-Message: Scanner loading: 44200 / 45616 nvts.
md   otp-Message: Scanner loading: 44800 / 45616 nvts.
md   otp-Message: Scanner loading: 45400 / 45616 nvts.



I tried removing /var/lib/openvas /var/lib/cache and executed 
openvas-setup and it still hangs near 45000 nvts.


When I run openvas-check-setup I am getting the error below.

root@kali01:~# openvas-check-setup
openvas-check-setup 2.3.0
  Test completeness and readiness of OpenVAS-8
  (add '--v6' or '--v7' or '--9'
   if you want to check for another OpenVAS version)

  Please report us any non-detected problems and
  help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss

  Send us the log-file (/tmp/openvas-check-setup.log) to help analyze 
the problem.


  Use the parameter --server to skip checks for client tools
  like GSD and OpenVAS-CLI.

Step 1: Checking OpenVAS Scanner ...
OK: OpenVAS Scanner is present in version 5.0.1.
OK: OpenVAS Scanner CA Certificate is present as 
/var/lib/openvas/CA/cacert.pem.
OK: OpenVAS Scanner server certificate is valid and present as 
/var/lib/openvas/CA/servercert.pem.
OK: NVT collection in /var/lib/openvas/plugins contains 45546 
NVTs.
WARNING: Signature checking of NVTs is not enabled in OpenVAS 
Scanner.
SUGGEST: Enable signature checking (see 
http://www.openvas.org/trusted-nvts.html).
OK: The NVT cache in /var/cache/openvas contains 45546 files 
for 45546 NVTs.

OK: redis-server is present in version v=2.8.17.
OK: scanner (kb_location setting) is configured properly using 
the redis-server socket: /var/lib/redis/redis.sock
OK: redis-server is running and listening on socket: 
/var/lib/redis/redis.sock.

OK: redis-server configuration is OK and redis-server is running.
Step 2: Checking OpenVAS Manager ...
OK: OpenVAS Manager is present in version 6.0.1.
OK: OpenVAS Manager client certificate is valid and present as 
/var/lib/openvas/CA/clientcert.pem.
OK: OpenVAS Manager database found in 
/var/lib/openvas/mgr/tasks.db.

OK: Access rights for the OpenVAS Manager database are correct.
md   main:WARNING:21198:2016-02-09 14h21.07 utc: database must be 
initialised from scanner (with --update or --rebuild)
ERROR: No users found. You need to create at least one user to 
log in.

It is recommended to have at least one user with role Admin.
FIX: create a user by running 'openvasmd --create-user= 
--role=Admin && openvasmd --user= --new-password='


 ERROR: Your OpenVAS-8 installation is not yet complete!

Please follow the instructions marked with FIX above and run this
script again.

If you think this result is wrong, please report your observation
and help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Please attach the log-file (/tmp/openvas-check-setup.log) to help us 
analyze the problem.




Can someone help me with this, please?

-Regards,
Katta.





Re: [Openvas-discuss] openvas-check-setup

2016-02-11 Thread Antu Sanadi

Hi,

It looks like the OpenVAS manager is not started; start it.
To start it, run the command  openvasmd

Cross-verify whether the manager is started by running the command netstat -antp
You should get the following response:

tcp6   0  0 :::9390   :::*   LISTEN   15857/openvasmd


Thanks,
Antu

On Tuesday 09 February 2016 10:29 AM, Hanel Rahman wrote:

Please help to find solution



Re: [Openvas-discuss] Scanner doesn't start

2016-01-04 Thread Antu Sanadi

On Monday 04 January 2016 02:12 AM, fbrand . wrote:
I redid everything according to the Trusted NVT page, and did it the 
same as the first time.
Only thing I can see is the Unsafe Permissions, but I'm not sure how 
to handle that.

What does it mean?


root@localhost:/tmp# wget http://www.openvas.org/OpenVAS_TI.asc
converted 'http://www.openvas.org/OpenVAS_TI.asc' (ANSI_X3.4-1968) -> 
'http://www.openvas.org/OpenVAS_TI.asc' (UTF-8)

--2016-01-03 22:18:07-- http://www.openvas.org/OpenVAS_TI.asc
Resolving www.openvas.org (www.openvas.org)... 5.9.98.186
Connecting to www.openvas.org (www.openvas.org)|5.9.98.186|:80... connected.

HTTP request sent, awaiting response... 200 OK
Length: 1673 (1.6K) [text/plain]
Saving to: 'OpenVAS_TI.asc.1'

OpenVAS_TI.asc.1   100%[===>]   1.63K --.-KB/s   in 0.005s

2016-01-03 22:18:11 (306 KB/s) - 'OpenVAS_TI.asc.1' saved [1673/1673]

root@localhost:/tmp# gpg --homedir=/etc/openvas/g
gnupg/ gsad_log.conf
root@localhost:/tmp# gpg --homedir=/etc/openvas/gnupg/ --import 
OpenVAS_TI.asc

gpg: WARNING: unsafe permissions on homedir `/etc/openvas/gnupg/'
gpg: key 48DB4530: "OpenVAS Transfer Integrity" not changed
gpg: Total number processed: 1
gpg:  unchanged: 1
root@localhost:/tmp# ^C
root@localhost:/tmp# gpg --homedir=/etc/openvas/gnupg/ --lsign-key 
48DB4530

gpg: WARNING: unsafe permissions on homedir `/etc/openvas/gnupg/'

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   1  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:   1  signed:   0  trust: 1-, 0q, 0n, 0m, 0f, 0u
pub  1024D/48DB4530  created: 2007-11-05  expires: never usage: SC
 trust: unknown   validity: full
sub  2048g/70610CFB  created: 2007-11-05  expires: never usage: E
[  full  ] (1). OpenVAS Transfer Integrity

"OpenVAS Transfer Integrity" was already locally signed by key 807B4D30
Nothing to sign with key 807B4D30

Key not changed so no update needed.
root@localhost:/tmp# ^C
root@localhost:/tmp# openvas-nasl -p script.nasl

(openvas-nasl:1902): lib  kb_redis-CRITICAL **: get_redis_ctx: redis 
connection error: No such file or directory


(openvas-nasl:1902): lib  kb_redis-CRITICAL **: redis_new: cannot 
access redis at '/tmp/redis.sock'


(openvas-nasl:1902): lib  kb_redis-CRITICAL **: get_redis_ctx: redis 
connection error: No such file or directory


 Start the Redis server,
 redis-server  /etc/redis.conf
 redis-cli -s  /tmp/redis.sock MONITOR

Thanks,
Antu


root@localhost:/tmp#



On 3 January 2016 at 21:48, Eero Volotinen wrote:


Please read errors and try to understand messages. For example you
enabled signature checking and didn't import keys correctly.

--
Eero

2016-01-03 21:38 GMT+02:00 fbrand . <fbr...@gmail.com>:

Hi,

I'm having problems with Scanner not wanting to start after
setup. NVT's didn't update 100% first time, but ran again
later and ran through, but see still showing NVT db too low.

Read somewhere to run "openvas-mkcert-client -n om -i", but
that also did nothing.
Scanner just gives ERROR when trying to start.
Manager starts fine.

Appreciate the help.

 

"openvas-check-setup"

OK: OpenVAS Manager is present in version 6.0.1.
Checking OpenVAS Manager client certificate ...
OK: OpenVAS Manager client certificate is valid and
present as /var/lib/openvas/CA/clientcert.pem.

Checking OpenVAS Manager database ...

OK: OpenVAS Manager database found in
/var/lib/openvas/mgr/tasks.db.
Checking access rights of OpenVAS Manager database ...

OK: Access rights for the OpenVAS Manager database are
correct.
Checking if users exist ...
OK: At least one user exists.

Checking sqlite3 presence ...
OK: sqlite3 found, extended checks of the OpenVAS
Manager installation enabled.

Checking OpenVAS Manager database revision ...
OK: OpenVAS Manager database is at revision 146.
Checking database revision expected by OpenVAS Manager ...
OK: OpenVAS Manager expects database at revision 146.
OK: Database schema is up to date.
Checking OpenVAS Manager database (NVT data) ...
ERROR: The number of NVTs in the OpenVAS Manager
database is too low.
FIX: Make sure OpenVAS Scanner is running with an
up-to-date NVT collection and run 'openvasmd --rebuild'.
WARNING: OpenVAS Scanner is NOT running!
SUGGEST: Start OpenVAS Scanner (openvassd).
###

Re: [Openvas-discuss] Is it possible to scan a Win10 client

2015-11-26 Thread Antu Sanadi

Hello,

Presently we don't have Windows 10 support. We are working on it and
support will be available very soon.


Thanks,
Antu Sanadi


On Thursday 26 November 2015 04:51 PM, Eero Volotinen wrote:

Hi,

I am not very familiar with windows scanning, but short grep from nvt 
shows that there is not much windows 10 authenticated scanning support.


--
Eero

2015-11-26 12:51 GMT+02:00 Helms, Michael - WVI GmbH <m.he...@wvigmbh.de>:


Hello,

I have a Win10 Client, and Java 64 Bit 1.8.0.60 on it. Firewall is
off.
I use OpenVAS 7, with credentials. Login is ok.
But OpenVAS will not find the vulnerability.

Same Java on a Win7 client results in a vulnerability.

Any ideas?


Kind regards

  on behalf of
  Dipl.-Inform. Michael Helms
  SiBe

E-Mail: m.he...@wvigmbh.de
Telephone: +49-531-3 87 37-22
Fax: +49-531-3 87 37-33

WVI Prof. Dr. Wermuth Verkehrsforschung und Infrastrukturplanung GmbH
Nordstr. 11
38106 Braunschweig

Registered office: Braunschweig
Local court (Amtsgericht) Braunschweig, HRB 2805
Managing directors:
Prof. Dr. Manfred Wermuth
Dr.-Ing. Tobias Wermuth

Internet: www.wvigmbh.de





--
Saner Personal
A free vulnerability mitigation
software. Build strong defense.
http://www.secpod.com/saner-personal.html


Re: [Openvas-discuss] Not all vulnarabitities used

2015-10-28 Thread Antu Sanadi

Hi,

what is the target OS you are scanning and which version of adobe reader 
(32 or 64 bit) is installed?


Let us test that once here.

Thanks,
Antu Sanadi


On Wednesday 28 October 2015 05:38 PM, Eero Volotinen wrote:
did you update the plugins to latest. run openvas-nvt-sync from root 
terminal?


--
Eero

2015-10-28 13:53 GMT+02:00 Helms, Michael - WVI GmbH <m.he...@wvigmbh.de>:



Same Problem on openvas8  (OpenVas-8 DEMO Virtual Appliance).

*From:* eero.t.voloti...@gmail.com [mailto:eero.t.voloti...@gmail.com] *On Behalf Of* Eero Volotinen
*Sent:* Wednesday, 28 October 2015 12:42
*To:* Helms, Michael - WVI GmbH
*Cc:* openvas-discuss@wald.intevation.org
*Subject:* Re: [Openvas-discuss] Not all vulnarabitities used

How about using stable version like openvas8?

Eero

On 28.10.2015 at 1.39 PM, "Helms, Michael - WVI GmbH" <m.he...@wvigmbh.de> wrote:

Thanks.

If I understand aright, openvas9beta will not find the adobe
reader vulnerability on my PC,
because it didn't find adobe reader.

But openvas 7 will find the vulnerability.

And openvas9beta will find some vulnerabilities, for example the/a
xming vulnerability. But not adobe reader.

Mystic.

Any suggestions to solve the problem?


> -Original Message-
> From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org]
> On Behalf Of Chris
> Sent: Wednesday, 28 October 2015 11:48
> To: openvas-discuss@wald.intevation.org
> Subject: Re: [Openvas-discuss] Not all vulnarabitities used
>
> Hi,
>
> > There are many of “mandatory key is missing” lines. But why?
> > What is the meaning of this?
>
> have a look at the "gb_adobe_acrobat_mult_vuln01_oct15_win.nasl" NVT
> for example:
>
> http://plugins.openvas.org/nasl.php?oid=806505
>
> This has the mandatory key:
>
> script_mandatory_keys("Adobe/Acrobat/Win/Ver");
>
> which is set by the detection NVT "secpod_adobe_prdts_detect_win.nasl":
>
> http://plugins.openvas.org/nasl.php?oid=900319
>
> If that NVT wasn't able to detect the installed Adobe the vulnerability
> check will fail.
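The dependency described in this thread (a vulnerability NVT declares a mandatory KB key that a detection NVT has to set) can be traced mechanically. The script below is an added example, not part of the original posts or of OpenVAS: it reads NASL sources, maps each `script_mandatory_keys` entry to the scripts whose `set_kb_item` call provides it, and reports which NVTs cannot run for a given KB. The NASL fragments are constructed stand-ins that reuse the two file names and the key from the thread; `gb_example_unprovided.nasl`, its key and the variable `acrobat_ver` are hypothetical.

```python
import re

# Constructed NASL fragments (not the real feed files). The two Adobe file
# names and the "Adobe/Acrobat/Win/Ver" key come from the thread; the third
# script and everything else in the bodies is made up for illustration.
SAMPLE_NVTS = {
    "secpod_adobe_prdts_detect_win.nasl": '''
        # detection NVT: publishes the version it found into the KB
        set_kb_item(name:"Adobe/Acrobat/Win/Ver", value:acrobat_ver);
    ''',
    "gb_adobe_acrobat_mult_vuln01_oct15_win.nasl": '''
        script_mandatory_keys("Adobe/Acrobat/Win/Ver");
    ''',
    "gb_example_unprovided.nasl": '''
        script_mandatory_keys("Example/Product/Ver", "Adobe/Acrobat/Win/Ver");
    ''',
}

_MANDATORY_CALL = re.compile(r'script_mandatory_keys\s*\(([^)]*)\)')
_SET_KB_CALL = re.compile(r'set_kb_item\s*\(\s*name\s*:\s*"([^"]+)"')
_QUOTED = re.compile(r'"([^"]+)"')


def strip_comments(source):
    """Drop '#' comments so commented-out calls are not counted.

    Simplification: a '#' inside a string literal would also be cut.
    """
    return "\n".join(line.split("#", 1)[0] for line in source.splitlines())


def mandatory_keys(source):
    """KB keys the script declares as mandatory, in declaration order."""
    keys = []
    for call in _MANDATORY_CALL.finditer(strip_comments(source)):
        keys.extend(_QUOTED.findall(call.group(1)))
    return keys


def provided_keys(source):
    """KB keys the script writes with set_kb_item(name:"...")."""
    return set(_SET_KB_CALL.findall(strip_comments(source)))


def build_provider_index(nvts):
    """Map each KB key to the scripts that can set it."""
    index = {}
    for name, source in nvts.items():
        for key in provided_keys(source):
            index.setdefault(key, []).append(name)
    return index


def explain_skips(nvts, kb):
    """Return {nvt: [(missing_key, [scripts that would set it]), ...]}."""
    providers = build_provider_index(nvts)
    report = {}
    for name, source in sorted(nvts.items()):
        missing = [key for key in mandatory_keys(source) if key not in kb]
        if missing:
            report[name] = [(key, sorted(providers.get(key, []))) for key in missing]
    return report


if __name__ == "__main__":
    # KB of a scan in which the detection NVT found no Adobe product.
    for nvt, reasons in explain_skips(SAMPLE_NVTS, kb={}).items():
        for key, setters in reasons:
            origin = ", ".join(setters) or "no script in this set"
            print(f"{nvt}: mandatory key {key!r} missing (set by: {origin})")
```

When a check is skipped this way, the detection script named in the report is the one to debug, not the vulnerability NVT.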

Re: [Openvas-discuss] Samba log on suddenly failing for authenticated scans

2015-09-24 Thread Antu Sanadi

Hello,

Fixed the issue, thanks for reporting.

The updated NVT will be available in the next updated feed.

Thank you!

Regards,
Antu Sanadi



On Saturday 19 September 2015 08:05 PM, Michael Meyer wrote:

*** Jeremy MJ wrote:


Thank you Michael, reverting to the older nasl and the credential scan
works fine.

Thanks for testing.


Would you like a bug report submitted somewhere?

No thanks, more or less you already did. :)

I'll talk to Antu about his change in r1630.
Maybe he will contact you for some details about your configuration.

Micha






Re: [Openvas-discuss] Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities

2015-09-22 Thread Antu Sanadi

Hi,

Fixed the issue, you can expect the  fixed NVT in next updated feed.

Thanks for reporting!

Regards,
Antu Sanadi



On Saturday 19 September 2015 01:19 PM, Eero Volotinen wrote:


Also noted that it detects /lib64/dovecot as version 64. This is not a
binary, it's a library.


Eero


On Sat, 19 September 2015 at 10.30, Michael Meyer <michael.me...@greenbone.net> wrote:


*** Walter York wrote:

> This test, Dovecot Sieve Plugin Multiple Buffer Overflow
> Vulnerabilities was a finding on my server.  It stated that the
> following versions were affected:

> The Dovecot Version Detection check identified the version
> as:Dovecot version 1 running at location /usr/libexec/dovecotstdin

Ok...problem is in the detection NVT. Thanks for reporting.

@Antu: Please have a look.

Micha

--
Michael Meyer  OpenPGP Key: 0xAF069E9152A6EFA6
http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG
Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner

Re: [Openvas-discuss] Pango Integer Buffer Overflow Vulnerability - False Positive?

2015-09-22 Thread Antu Sanadi

Hello,

We have tested the NVT; we are not able to reproduce the issue and it's working
as expected for us.

Can you please run "pango-view --version" on the target machine and send us the
result?


Thanks,
Antu Sanadi


On Sunday 20 September 2015 01:05 PM, Michael Meyer wrote:

*** Walter York wrote:

Possible false positive:  The guidance by the OpenVAS test is to
upgrade to Pango version 1.24.0 or later yet I have 1.34 installed
on the target box.

Thanks for reporting.


On my OpenVAS box:
OS Distribution:
[root@localhost ~]# cat /etc/*elease
CentOS Linux release 7.1.1503 (Core)
Authenticated? Yes
SSH Authorization Check
It was possible to login using the provided SSH credentials.
Hence authenticated checks are enabled.
Greenbone Security Assistant
Version 6.0.5
Using with the latest NVT, SCAP and CERT feeds
===
On my Target box:
root@bh01 [/]# yum list installed | grep pango
pango.x86_64      1.34.1-5.el7 @base
root@bh01 [/]# cat /etc/*elease
CentOS Linux release 7.1.1503 (Core)
NAME="CentOS Linux"
===
OpenVAS Result Details:
OpenVAS is failing this particular test:
Vulnerability Detection Method
Details: Pango Integer Buffer Overflow Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.900644)
Version used: $Revision: 15 $
Solution
Upgrade to pango version 1.24.0 or later http://ftp.acc.umu.se/pub/GNOME/sources/pango/
Affected Software/OS
Pango version prior to 1.24.0

@Antu: Please have a look.

Micha






Re: [Openvas-discuss] OpenVAS 7 on Ubuntu 14.04: openvasmd --rebuild hangs

2015-09-10 Thread Antu Sanadi

Hello,

 Restart the scanner, manager and try the  following steps,

# openvas-nvt-sync
# openvasmd --rebuild --listen 127.0.0.1 --progress

Thanks,
Antu Sanadi


On Thursday 10 September 2015 01:36 PM, Sorin Gheorghiu wrote:

Hi all,

I started a fresh OpenVAS 7 installation on Ubuntu 14.04, following 
the instructions from https://hackertarget.com/install-openvas-7-ubuntu/


But during rebuild openvasmd hangs, the progress bar stops moving
and CPU usage goes to 100%


# openvasmd --rebuild --progress --verbose
Rebuilding NVT cache... /

Note. The file openvas-check-setup.log is attached as required.

Regards,
Sorin
--
Sorin Gheorghiu           Tel: +49 7531 88-3198
Universität Konstanz      Room: B703
78464 Konstanz            sorin.gheorg...@uni-konstanz.de

- KIM: Content Services Department -



Re: [Openvas-discuss] openvasmd rebuild issue

2015-09-04 Thread Antu Sanadi

Hi,

Try, openvasmd --rebuild --listen 127.0.0.1 --progress

You can see the status of the rebuild here (Rebuilding NVT cache... ); try 2 or
3 times till it gets done.


If even that does not work, please let us know.

Thanks,
Antu Sanadi





On Friday 04 September 2015 01:02 PM, Prasadh Nanjundan wrote:


Hello Eero,

Thanks a lot for your prompt response.

I am in a situation where I can’t upgrade to Centos 7 now, because we
have many applications running on the same 32 bit platform.


If I remove all new plugins, openvasmd rebuilds fine. But it doesn’t
make sense to run a scan without the new plugins.


I just want to check whether there is any quick workaround to avoid this
rebuild issue. Thanks again for the help.


Thanks

Prasadh.

*From:*eero.t.voloti...@gmail.com [mailto:eero.t.voloti...@gmail.com] 
*On Behalf Of *Eero Volotinen

*Sent:* Thursday, September 03, 2015 11:17 PM
*To:* Prasadh Nanjundan
*Cc:* openvas-discuss@wald.intevation.org
*Subject:* Re: [Openvas-discuss] openvasmd rebuild issue

Please install centos 7 and latest stable version of openvas (8).

Eero

On 3.9.2015 at 6.44 PM, "Prasadh Nanjundan" <p...@ubiqube.com> wrote:


Hello,

   I came to know below error is because  previous nasl script 
nvti  had line breaks in  either tag_summary or tag_insight.


Tags=cvss_base=0.0|cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:N|detection=remote 
probe|last_modification=$Date: 2015-01-23 10:37:28 +0100 (Fri, 23 Jan 
2015) $|creation_date=2014-11-11 10:04:39 +0100 (Tue, 11 Nov 
2014)|summary=The script sends a connection*\n*request to the server 
and attempts to extract the version number*\n*from the reply.


This problem is with new 2105 plugins updated from nvt sync.

   Any idea, how to avoid this. Thanks in advance for your help.

Thanks

Prasadh.

*From:*Prasadh Nanjundan
*Sent:* Thursday, September 03, 2015 12:18 PM
*To:* 'openvas-discuss@wald.intevation.org 
<mailto:openvas-discuss@wald.intevation.org>'

*Subject:* openvasmd rebuild issue

Hello,

I am running recommend openvas version in Centos 5.7. My sqlite 
version is sqlite-3.7.0.1-1.el5.art


I am having trouble in rebuilding the openvasmd.  When I tried to 
rebuild in debug mode, below is the error.   When I check the nasl 
script file for the OID *63730, *we don’t have any message like below, 
I don’t know where this message come from and why,any help much 
appreciated.  Thanks in advance


md main:  DEBUG:2015-09-03 06h02.57 utc :16961:sql: INSERT into
nvts (oid, version, name, summary, description, copyright, cve, bid,
xref, tag, sign_key_ids, category, family, cvss_base, risk_factor)
VALUES ('A security problem which may lead to unauthorized machine access
or code execution has been fixed by upgrading to rsync-2.5.7.
This problem only affects machines running rsync in daemon mode,
and is easier to exploit if the non-default option 'use chroot = no'
is used in the /etc/rsyncd.conf config file.

Any sites running an rsync server should upgrade immediately.

For complete information, see the rsync home page:

http://rsync.samba.org|summary=The remote host is missing an
update as announced
via advisory SSA:2003-337-01.|qod_type=package|solution_type=VendorFix
1.3.6.1.4.1.25623.1.0.63730', '$Revision: 15 $', 'Debian Security
Advisory DSA 1758-1 (nss-ldapd)', 'Debian Security Advisory DSA 1758-1
(nss-ldapd)', '
Summary:
The remote host is missing an update to nss-ldapd
announced via advisory DSA 1758-1.
Vulnerability Insight:
Leigh James that discovered that nss-ldapd, an NSS module for using
LDAP as a naming service, by default creates the configuration file
/etc/nss-ldapd.conf world-readable which could leak the configured
LDAP password if one is used for connecting to the LDAP server.

The old stable distribution (etch) doesn''t contain nss-ldapd.

For the stable distribution (lenny) this problem has been fixed in
version 0.6.7.1.

For the unstable distribution (sid) this problem has been fixed in
version 0.6.8.

We recommend that you upgrade your nss-ldapd package.
Solution:
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201758-1',
'Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com',
'CVE-2009-1073', 'NOBID', 'NOXREF', 'check_type=authenticated package
test|last_modification=$Date: 2013-10-27 13:49:54 +0100 (Sun, 27 Oct
2013) $|creation_date=2009-04-06 20:58:11 +0200 (Mon, 06 Apr
2009)|cvss_base_vector=AV:L/AC:L/Au:N/C:C/I:N/A:N',
'48479FF648DB4530', 3, 'Debian Local Security Checks', '4.9', 'Medium');

md main:WARNING:2015-09-03 06h02.57 utc :16961: sql: sqlite3_prepare
failed: near "use": syntax error

md m
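The `sqlite3_prepare failed: near "use": syntax error` line in the debug output above is what SQLite reports when a single quote inside a text value ends the string literal early, here at `'use chroot = no'`. As an added example (not openvasmd code; the simplified table, the function names and the sample text are constructed for illustration), this compares a statement assembled by string formatting with quote doubling and with bound parameters:

```python
import sqlite3

# Constructed sample modelled on the rsync advisory text in the debug output.
TAG_TEXT = (
    "This problem only affects machines running rsync in daemon mode,\n"
    "and is easier to exploit if the non-default option 'use chroot = no'\n"
    "is used in the /etc/rsyncd.conf config file."
)
SAMPLE_OID = "1.3.6.1.4.1.25623.1.0.63730"  # OID that appears in the thread


def new_db():
    """In-memory database with a two-column stand-in for the nvts table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE nvts (oid TEXT, tag TEXT)")
    return db


def insert_formatted(db, oid, tag):
    """Build the statement by string formatting; return the error text, if any."""
    sql = "INSERT INTO nvts (oid, tag) VALUES ('%s', '%s');" % (oid, tag)
    try:
        db.execute(sql)
    except sqlite3.OperationalError as exc:
        return str(exc)
    return None


def sql_quote(text):
    """SQL string-literal escaping: double every single quote."""
    return text.replace("'", "''")


def insert_escaped(db, oid, tag):
    """Same string-built statement, but with every value escaped first."""
    return insert_formatted(db, sql_quote(oid), sql_quote(tag))


def insert_bound(db, oid, tag):
    """Bound parameters are never parsed as SQL text, so quotes are harmless."""
    db.execute("INSERT INTO nvts (oid, tag) VALUES (?, ?)", (oid, tag))


def stored_tags(db, oid):
    """All tag values stored for one OID."""
    rows = db.execute("SELECT tag FROM nvts WHERE oid = ?", (oid,)).fetchall()
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = new_db()
    print("formatted:", insert_formatted(db, SAMPLE_OID, TAG_TEXT))
    print("escaped:  ", insert_escaped(db, SAMPLE_OID, TAG_TEXT))
    insert_bound(db, SAMPLE_OID, TAG_TEXT)
    print("rows stored:", len(stored_tags(db, SAMPLE_OID)))
```

Both working variants store the text unchanged, line breaks included; the `doesn''t` in the debug output is the same quote doubling applied to a different field.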

Re: [Openvas-discuss] help plz

2015-08-18 Thread Antu Sanadi

Hello,

start the OpenVAS manager,

To start run: openvasmd

and check openvasmd  is listening or not.
netstat -antp | grep  'openvasmd'

Thanks,
Antu Sanadi

On Tuesday 18 August 2015 02:42 PM, Saeid Rezaei wrote:

hi, what can i do for this error
login failed, OMP service is down
tnx







Re: [Openvas-discuss] Fwd: log

2015-08-17 Thread Antu Sanadi

Hi,

try, sudo apt-get install libsqlite3-dev

Thanks,
Antu Sanadi

On Monday 17 August 2015 12:49 PM, saurabh Garg wrote:

Dear Openvas Members,

Please help me out in installation of openvas manager by source code.
I have attached the log file.

When I am doing cmake.. , it is showing module "sqlite3 not found".
While sqlite3 is installed on my pc, I am able to log in sqlite3 prompt.



Thanks
Saurabh Garg
-- Forwarded message --
From: *saurabh Garg* <gargsaurab...@gmail.com>
Date: Mon, Aug 17, 2015 at 12:40 PM
Subject: log
To: saurabh garg <gargsaurab...@gmail.com>



log




Re: [Openvas-discuss] 1.3.6.1.4.1.25623.1.0.100527 detects wrong OpenSSL version

2015-08-10 Thread Antu Sanadi

Hello,

Let us have a look at this. Thanks for reporting.

Thanks,
Antu Sanadi


On Monday 10 August 2015 05:40 PM, Winfried Neessen wrote:

Hi,

it looks like the version detection for OpenSSL in
1.3.6.1.4.1.25623.1.0.100527 doesn't work with two-sign version
characters.

Example:
Server string: Apache/2.2.29 (FreeBSD) [...] OpenSSL/0.9.8zf-freebsd
Detected OpenSSL version: 0.9.8z.f
Expected version: 0.9.8m

Even though "0.9.8zf" is higher, it is detected as "z.f" and then the
check only seems to test the last character, which in this case is a "f"
and therefore smaller than the expected "m". So the test detects a
"high" false-positive.

I haven't had the time to read myself into the syntax of the
"http_func.inc" and "version_func.inc" of OpenVAS, to understand how the
pattern matching works. Otherwise I would have provided a patch already.


Winni


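The comparison problem reported in this thread, worked through as an added example (not the NVT's NASL code; the function names are illustrative and the banner is constructed from the server string quoted above). OpenSSL 0.9.8 releases after "z" continue with two-letter suffixes ("za", "zb", ...), so the suffix has to be ordered by length first and alphabetically second. `last_letter_check` models the behaviour the post describes; `is_older_than` uses the corrected ordering.

```python
import re

# Constructed banner based on the server string quoted in the thread.
SAMPLE_BANNER = "Apache/2.2.29 (FreeBSD) OpenSSL/0.9.8zf-freebsd"

_BANNER_RE = re.compile(r"OpenSSL/(\d+\.\d+\.\d+[a-z]*)")
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]*)$")


def banner_version(banner):
    """Extract e.g. '0.9.8zf' from a Server header.

    Platform tags such as '-freebsd' or '-fips' are not part of the match.
    """
    match = _BANNER_RE.search(banner)
    return match.group(1) if match else None


def version_key(version):
    """Sortable key: numeric fields, then suffix length, then suffix text.

    '' < 'a' < ... < 'z' < 'za' < ... < 'zf', so 0.9.8zf sorts after 0.9.8m.
    """
    match = _VERSION_RE.match(version)
    if match is None:
        raise ValueError("unsupported version string: %r" % version)
    major, minor, fix, suffix = match.groups()
    return (int(major), int(minor), int(fix), len(suffix), suffix)


def is_older_than(banner, fixed):
    """True if the banner's OpenSSL is older than `fixed`.

    Returns None when the banner carries no OpenSSL version, so a caller can
    tell "not vulnerable" apart from "could not determine".
    """
    detected = banner_version(banner)
    if detected is None:
        return None
    return version_key(detected) < version_key(fixed)


def last_letter_check(banner, fixed):
    """Model of the behaviour described in the post: only the final letter
    of the detected version is compared with the final letter of `fixed`."""
    detected = banner_version(banner)
    if detected is None:
        return None
    return detected[-1] < fixed[-1]


if __name__ == "__main__":
    fixed = "0.9.8m"
    print("detected:", banner_version(SAMPLE_BANNER))
    print("last-letter check flags it:", last_letter_check(SAMPLE_BANNER, fixed))
    print("ordered comparison flags it:", is_older_than(SAMPLE_BANNER, fixed))
```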

Re: [Openvas-discuss] list of vulnerabilities

2015-08-06 Thread Antu Sanadi

Hi,

Please have a look at http://plugins.openvas.org/index.php

Thanks,
Antu Sanadi

On Wednesday 05 August 2015 07:26 PM, Paul Johnson wrote:


Is there a detailed list of vulnerabilities that are checked?




Re: [Openvas-discuss] TLS version check with oid 103441 and 802067

2015-07-28 Thread Antu Sanadi

Hello,

Checked the code in the Plugins for "TLS > v1.0",  These plugins
check  for the "TLS > v1.0" also.

Please let me know if you face any issues.

Thanks,
Antu Sanadi

On Friday 10 July 2015 10:40 PM, Mario Castelao - First Security 
Technology wrote:

Hi all,

Do the following plugins also check TLS > v1.0?

* http://plugins.openvas.org/nasl.php?oid=103441 (Check for supported SSL
Ciphers)
* http://plugins.openvas.org/nasl.php?oid=802067 (Check for SSL Ciphers)


Best regards,
Mario



Re: [Openvas-discuss] openvas installation error

2015-07-21 Thread Antu Sanadi

Hello,

Please run the following commands.
- openvassd  and
- openvasmd --rebuild

Thanks,
Antu Sanadi
On Tuesday 21 July 2015 04:30 PM, vinod harksh wrote:

hello sir

hey i am vinod kumar shrimalii information security analyst
now i am installing openvas but after installing it is giving error 
here i am attaching log file

please provide me sol. asap

Warm Regard
Vinod Kumar Shirmalii
SECURITY ANALYST
SCO-13A, Model Town Extn. Ludhiana
Email: vi...@harksh.com
Contact: 9803042696
www.harksh.com



Re: [Openvas-discuss] openvas fail

2015-06-26 Thread Antu Sanadi

Hello,

According to the error message, GSAD is not running.
Start it and check.

gsad --http-only --listen 127.0.0.1

Thanks!
 Antu Sanadi

On Thursday 25 June 2015 09:57 PM, Luc Romain wrote:


Hello

I’ve some problems with my installation of openvas

This morning all worked but now I can’t scan (I can access the interface
but cannot perform a scan)


Here is my launch of openvas-check-setup :

openvas-check-setup 2.3.0

  Test completeness and readiness of OpenVAS-8

  (add '--v6' or '--v7' or '--9'

   if you want to check for another OpenVAS version)

  Please report us any non-detected problems and

  help us to improve this check routine:

http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss

  Send us the log-file (/tmp/openvas-check-setup.log) to help analyze 
the problem.


  Use the parameter --server to skip checks for client tools

  like GSD and OpenVAS-CLI.

Step 1: Checking OpenVAS Scanner ...

OK: OpenVAS Scanner is present in version 5.0.3.

OK: OpenVAS Scanner CA Certificate is present as 
/usr/local/var/lib/openvas/CA/cacert.pem.


OK: NVT collection in /usr/local/var/lib/openvas/plugins 
contains 39478 NVTs.


WARNING: Signature checking of NVTs is not enabled in OpenVAS 
Scanner.


SUGGEST: Enable signature checking (see 
http://www.openvas.org/trusted-nvts.html).


OK: The NVT cache in /usr/local/var/cache/openvas contains 
39478 files for 39478 NVTs.


OK: redis-server is present in version v=2.8.13.

OK: scanner (kb_location setting) is configured properly using 
the redis-server socket: /tmp/redis.sock


OK: redis-server is running and listening on socket: 
/tmp/redis.sock.


OK: redis-server configuration is OK and redis-server is running.

Step 2: Checking OpenVAS Manager ...

OK: OpenVAS Manager is present in version 6.0.3.

OK: OpenVAS Manager client certificate is present as 
/usr/local/var/lib/openvas/CA/clientcert.pem.


OK: OpenVAS Manager database found in 
/usr/local/var/lib/openvas/mgr/tasks.db.


OK: Access rights for the OpenVAS Manager database are correct.

OK: At least one user exists.

OK: sqlite3 found, extended checks of the OpenVAS Manager 
installation enabled.


OK: OpenVAS Manager database is at revision 146.

OK: OpenVAS Manager expects database at revision 146.

OK: Database schema is up to date.

OK: OpenVAS Manager database contains information about 39478 
NVTs.


OK: OpenVAS SCAP database found in 
/usr/local/var/lib/openvas/scap-data/scap.db.


OK: OpenVAS CERT database found in 
/usr/local/var/lib/openvas/cert-data/cert.db.


OK: xsltproc found.

Step 3: Checking user configuration ...

WARNING: Your password policy is empty.

SUGGEST: Edit the /usr/local/etc/openvas/pwpolicy.conf file to 
set a password policy.


Step 4: Checking Greenbone Security Assistant (GSA) ...

OK: Greenbone Security Assistant is present in version 6.0.3.

Step 5: Checking OpenVAS CLI ...

OK: OpenVAS CLI version 1.4.1.

Step 6: Checking Greenbone Security Desktop (GSD) ...

SKIP: Skipping check for Greenbone Security Desktop.

Step 7: Checking if OpenVAS services are up and running ...

OK: netstat found, extended checks of the OpenVAS services 
enabled.


OK: OpenVAS Scanner is running and listening on all interfaces.

OK: OpenVAS Scanner is listening on port 9391, which is the 
default port.


ERROR: OpenVAS Manager is NOT running!

FIX: Start OpenVAS Manager (openvasmd).

ERROR: Greenbone Security Assistant is NOT running!

FIX: Start Greenbone Security Assistant (gsad).

ERROR: Your OpenVAS-8 installation is not yet complete!

Please follow the instructions marked with FIX above and run this

script again.

If you think this result is wrong, please report your observation

and help us to improve this check routine:

http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss

Please attach the log-file (/tmp/openvas-check-setup.log) to help us 
analyze the problem.


#

My gsad and openvassmd are running so I really don’t know what the
problem is… Help me please !!!





Re: [Openvas-discuss] incorrect vulnerability family

2015-03-09 Thread Antu Sanadi

Hello,


On Monday 09 March 2015 04:31 PM, Nicholas Sciberras wrote:


Hi,

I’m not sure if this is the correct forum for this.

I have been checking the categorisation of vulnerabilities, and 
noticed that this vulnerability is not correctly categorised.


http://komma-nix.de/nasl.php?oid=11000

Its family is set to “Malware”. It should be “Default Accounts”



Yes, Thanks for noticing. We'll update the NVT.

Thanks,
Antu Sanadi


Regards,

Nicholas Sciberras




Re: [Openvas-discuss] CVE-2015-0235

2015-01-28 Thread Antu Sanadi

Hello,

It is not yet covered, we are working on it, Soon it will  be available 
in feed.


Thanks,
Antu Sanadi




On Wednesday 28 January 2015 03:12 PM, Christian Bajada wrote:

Hi,

I updated my NVTs and it does not show as available. It is not 
surprising as the bug was published less than 24 hours ago...


You can search for vulnerabilities by using the filter in
SecInfoManagement > NvTs.




On Wed, Jan 28, 2015 at 10:11 AM, flymolon <flymo...@qq.com> wrote:


Hi,

Is the CVE-2015-0235 vulnerability detectable now in openvas?
BTW, where can I check other recent vulnerabilities' detection state?

Thanks!


flymo...@qq.com <mailto:flymo...@qq.com>


Re: [Openvas-discuss] ERROR: The number of NVTs in the OpenVAS Manager database is too low.

2015-01-18 Thread Antu Sanadi

Hello,

What is the size of the

"/usr/local/var/lib/openvas/mgr/tasks.db"?

Thanks,
Antu Sanadi


On Sunday 18 January 2015 09:39 AM, Xiaofeng Sheng wrote:


Hi, Antu Sanadi,
 Thanks for the reply. I tried the commands you told me, but I
still have the same error message, you can see the below output when I
did it: (When I executed "openvasmd --rebuild" command, it's very
quick to finish, just like the eye blink, I don't know if it's normal or not. )

Step1-Before "openvas-nvt-sync":
root@bt:~# /pentest/misc/openvas/openvas-check-setup
openvas-check-setup 2.1.5
  Test completeness and readiness of OpenVAS-4
  (add '--v5' if you want to check for OpenVAS-5)
  Please report us any non-detected problems and
  help us to improve this check routine:
http://lists.wald.inteva-ion.org/mailman/listinfo/openvas-discuss 
<http://lists.wald.inteva-ion.org/mailman/listinfo/openvas-discuss>
  Send us the log-file (/tmp/openvas-check-setup.log) to help analyze 
the problem.

  Use the parameter --server to skip checks for client tools
  like GSD and OpenVAS-CLI.
Step 1: Checking OpenVAS Scanner ...
OK: OpenVAS Scanner is present in version 3.2.5.
OK: OpenVAS Scanner CA Certificate is present as 
/usr/local/var/lib/openvas/CA/cacert.pem.
OK: NVT collection in /usr/local/var/lib/openvas/plugins 
contains 37577 NVTs.
WARNING: Signature checking of NVTs is not enabled in OpenVAS 
Scanner.
SUGGEST: Enable signature checking (see 
http://www.openvas.org/trusted-nvts.html 
<http://www.openvas.org/trusted-nvts.html>).

Step 2: Checking OpenVAS Manager ...
OK: OpenVAS Manager is present in version 2.0.4.
OK: OpenVAS Manager client certificate is present as 
/usr/local/var/lib/openvas/CA/clientcert.pem.
OK: OpenVAS Manager database found in 
/usr/local/var/lib/openvas/mgr/tasks.db.

OK: Access rights for the OpenVAS Manager database are correct.
OK: sqlite3 found, extended checks of the OpenVAS Manager 
installation enabled.

OK: OpenVAS Manager database is at revision 41.
OK: OpenVAS Manager expects database at revision 41.
OK: Database schema is up to date.
ERROR: The number of NVTs in the OpenVAS Manager database is 
too low.
FIX: Make sure OpenVAS Scanner is running with an up-to-date 
NVT collection and run 'openvasmd --rebuild'.

 ERROR: Your OpenVAS-4 installation is not yet complete!
Please follow the instructions marked with FIX above and run this
script again.
If you think this result is wrong, please report your observation
and help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss 
<http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss>
Please attach the log-file (/tmp/openvas-check-setup.log) to help us 
analyze the problem.


Step2-After "openvas-nvt-sync":
root@bt:~# openvas-nvt-sync
[i] This script synchronizes an NVT collection with the 'OpenVAS NVT 
Feed'.

[i] The 'OpenVAS NVT Feed' is provided by 'The OpenVAS Project'.
[i] Online information about this feed: 
'http://www.openvas.org/openvas-nvt-feed.html'.

[i] NVT dir: /usr/local/var/lib/openvas/plugins
[i] Will use rsync
[i] Using rsync: /usr/bin/rsync
[i] Configured NVT rsync feed: rsync://feed.openvas.org:/nvt-feed
OpenVAS feed server - http://www.openvas.org/
This service is hosted by Intevation GmbH - http://intevation.de/
All transactions are logged.
Please report synchronization problems to openvas-f...@intevation.de.

If you have any other questions, please use the OpenVAS mailing lists
or the OpenVAS IRC chat. See http://www.openvas.org/ for details.
receiving incremental file list
sent 42 bytes  received 1604512 bytes  43960.38 bytes/sec
total size is 201678379  speedup is 125.69
[i] Checking dir: ok
[i] Checking MD5 checksum: ok

root@bt:~#
root@bt:~# openvasmd --rebuild
root@bt:~#
root@bt:~#
root@bt:~#
root@bt:~# /pentest/misc/openvas/openvas-check-setup
openvas-check-setup 2.1.5
  Test completeness and readiness of OpenVAS-4
  (add '--v5' if you want to check for OpenVAS-5)
  Please report us any non-detected problems and
  help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
  Send us the log-file (/tmp/openvas-check-setup.log) to help analyze 
the problem.

  Use the parameter --server to skip checks for client tools
  like GSD and OpenVAS-CLI.
Step 1: Checking OpenVAS Scanner ...
OK: OpenVAS Scanner is present in version 3.2.5.
OK: OpenVAS Scanner CA Certificate is present as 
/usr/local/var

Re: [Openvas-discuss] ERROR: The number of NVTs in the OpenVAS Manager database is too low.

2015-01-16 Thread Antu Sanadi

Hello,

Running this might fix the issue.

openvas-nvt-sync
and
openvasmd --rebuild

Thanks,
Antu Sanadi


On Friday 16 January 2015 02:41 PM, Xiaofeng Sheng wrote:

Hi, guys,
I'm setting up OpenVAS on BT5 R3. I get the ERROR message 
described in the mail title when I run the 
"/pentest/misc/openvas/openvas-check-setup" command. I did some 
research on Google for how it can be solved, but I failed.
I executed the commands below to solve it, but still have the same 
error:

openvassd
touch /usr/local/var/lib/openvas/mgr/tasks.db
openvasmd --backup
openvasmd --rebuild
openvasad -c 'add_user' -u openvasadmin -r Admin
openvasmd -p 9390 -a 127.0.0.1
openvasad -a 127.0.0.1 -p 9393
gsad --http-only --listen=127.0.0.1 -p 9392
Can someone who knows this issue help me to fix it? Thanks.
Br/xiaofeng
===
LOG:
root@bt:/tmp# more openvas-check-setup.log
openvas-check-setup 2.1.5
  Mode:  desktop
  Date:  Fri, 16 Jan 2015 16:56:16 +0800
Checking for old OpenVAS Scanner <= 2.0 ...
/pentest/misc/openvas/openvas-check-setup: line 124: openvasd: command 
not found

Checking presence of OpenVAS Scanner ...
OpenVAS Scanner 3.2.5
Nessus origin: (C) 2004 Renaud Deraison <mailto:derai...@nessus.org>>

Most new code since OpenVAS: (C) 2011 Greenbone Networks GmbH
License GPLv2: GNU GPL version 2
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Checking OpenVAS Scanner version ...
OK: OpenVAS Scanner is present in version 3.2.5.
plugins_folder = /usr/local/var/lib/openvas/plugins
cache_folder = /usr/local/var/cache/openvas
include_folders = /usr/local/var/lib/openvas/plugins
max_hosts = 30
max_checks = 10
be_nice = no
logfile = /usr/local/var/log/openvas/openvassd.messages
log_whole_attack = no
log_plugins_name_at_load = no
dumpfile = /usr/local/var/log/openvas/openvassd.dump
rules = /usr/local/share/openvas/openvassd.rules
cgi_path = /cgi-bin:/scripts
port_range = default
optimize_test = yes
checks_read_timeout = 5
non_simult_ports = 139, 445
plugins_timeout = 320
safe_checks = yes
auto_enable_dependencies = yes
silent_dependencies = no
use_mac_addr = no
save_knowledge_base = no
kb_restore = no
only_test_hosts_whose_kb_we_dont_have = no
only_test_hosts_whose_kb_we_have = no
kb_dont_replay_scanners = no
kb_dont_replay_info_gathering = no
kb_dont_replay_attacks = no
kb_dont_replay_denials = no
kb_max_age = 864000
slice_network_addresses = no
nasl_no_signature_check = yes
drop_privileges = no
unscanned_closed = yes
vhosts =
vhosts_ip =
cert_file = /usr/local/var/lib/openvas/CA/servercert.pem
key_file = /usr/local/var/lib/openvas/private/CA/serverkey.pem
ca_file = /usr/local/var/lib/openvas/CA/cacert.pem
config_file = /usr/local/etc/openvas/openvassd.conf
Checking OpenVAS Scanner CA cert ...
OK: OpenVAS Scanner CA Certificate is present as 
/usr/local/var/lib/openvas/CA/cacert.pem.

Checking NVT collection ...
OK: NVT collection in /usr/local/var/lib/openvas/plugins 
contains 37577 NVTs.

Checking status of signature checking in OpenVAS Scanner ...
WARNING: Signature checking of NVTs is not enabled in OpenVAS 
Scanner.
SUGGEST: Enable signature checking (see 
http://www.openvas.org/trusted-nvts.html).

Checking presence of OpenVAS Manager ...
OpenVAS Manager 2.0.4
Manager DB revision 41
Copyright (C) 2010 Greenbone Networks GmbH
License GPLv2+: GNU GPL version 2 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
OK: OpenVAS Manager is present in version 2.0.4.
Checking OpenVAS Manager client certificate ...
OK: OpenVAS Manager client certificate is present as 
/usr/local/var/lib/openvas/CA/clientcert.pem.

Checking OpenVAS Manager database ...
OK: OpenVAS Manager database found in 
/usr/local/var/lib/openvas/mgr/tasks.db.

Checking access rights of OpenVAS Manager database ...
OK: Access rights for the OpenVAS Manager database are correct.
Checking sqlite3 presence ...
OK: sqlite3 found, extended checks of the OpenVAS Manager 
installation enabled.

Checking OpenVAS Manager database revision ...
OK: OpenVAS Manager database is at revision 41.
Checking database revision expected by OpenVAS Manager ...
OK: OpenVAS Manager expects database at revision 41.
OK: Database schema is up to date.
Checking OpenVAS Manager database (NVT data) ...
ERROR: The number of NVTs in the OpenVAS Manager database is 
too low.
FIX: Make sure OpenVAS Scanner is running with an up-to-date 
NVT collection and run 'openvasmd --rebuild'.

=
root@bt:~# sqlite3 /usr/local/var/lib/openvas/mgr/tasks.db "select 
count(*) from nvts;"

946


___
Openvas-discu
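
The log in this thread shows 37577 NVTs in the plugins directory while `select count(*) from nvts;` returns 946. The following is an added example (not code from the thread or from openvas-check-setup) that makes the same comparison; counting `*.nasl` files, the 0.9 ratio, the one-column `nvts` table and the sample data are assumptions.

```python
import os
import pathlib
import sqlite3
import tempfile


def count_plugin_files(plugins_dir):
    """Count .nasl files under plugins_dir, year subdirectories included."""
    total = 0
    for _root, _dirs, files in os.walk(plugins_dir):
        total += sum(1 for name in files if name.endswith(".nasl"))
    return total


def count_db_nvts(db_path):
    """Run the thread's query (select count(*) from nvts) without side effects."""
    # mode=ro: a mistyped path must not create a new, empty database file.
    uri = pathlib.Path(db_path).resolve().as_uri() + "?mode=ro"
    try:
        conn = sqlite3.connect(uri, uri=True)
    except sqlite3.OperationalError:
        return 0                      # file missing or unreadable
    try:
        return conn.execute("select count(*) from nvts;").fetchone()[0]
    except sqlite3.DatabaseError:
        return 0                      # empty file (e.g. from 'touch') or no nvts table
    finally:
        conn.close()


def assess(plugins_dir, db_path, min_ratio=0.9):
    """Compare both counts and name the command from the thread to try next."""
    on_disk = count_plugin_files(plugins_dir)
    in_db = count_db_nvts(db_path)
    if on_disk == 0:
        status, next_step = "no-plugins", "openvas-nvt-sync"
    elif in_db < on_disk * min_ratio:     # min_ratio is an assumed threshold
        status, next_step = "db-too-low", "openvasmd --rebuild"
    else:
        status, next_step = "ok", None
    return {"on_disk": on_disk, "in_db": in_db,
            "status": status, "next_step": next_step}


def build_sample(root, files_on_disk, rows_in_db):
    """Constructed sample: a plugin tree and a tasks.db with an nvts table."""
    plugins = os.path.join(root, "plugins")
    os.makedirs(os.path.join(plugins, "2014"))
    for i in range(files_on_disk):
        sub = "2014" if i % 2 else ""
        open(os.path.join(plugins, sub, f"sample_{i}.nasl"), "w").close()
    # Include files live in the same directory but are not NVTs.
    open(os.path.join(plugins, "sample.inc"), "w").close()
    db = os.path.join(root, "tasks.db")
    conn = sqlite3.connect(db)
    conn.execute("create table nvts (oid text)")   # reduced schema, assumption
    conn.executemany("insert into nvts values (?)",
                     [(f"1.3.6.1.4.1.25623.1.0.{n}",) for n in range(rows_in_db)])
    conn.commit()
    conn.close()
    return plugins, db


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        plugins_dir, db_path = build_sample(tmp, 40, 1)
        print(assess(plugins_dir, db_path))
```

On a real installation, pass the two paths shown in the log: `/usr/local/var/lib/openvas/plugins` and `/usr/local/var/lib/openvas/mgr/tasks.db`.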

Re: [Openvas-discuss] redis connection refused

2014-12-17 Thread Antu Sanadi

Hello Alex,

Start the redis-server as root user.

Thanks,
Antu Sanadi


On Thursday 18 December 2014 11:20 AM, Alexander Rau wrote:

Hi:

Trying to scan and getting "WARNING: Cannot connect to KB at 
'/tmp/redis.sock': Connection refused'"


Any ideas?

Thanks

Alex



___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] CVE-2009-3095 in windows

2014-12-17 Thread Antu Sanadi

Hello,

On Monday 27 October 2014 01:25 PM, flymolon wrote:

Hi there,

The NVT secpod_apache_mod_proxy_ftp_cmd_inj_vuln.nasl detects 
CVE-2009-3095 for linux, but it filters windows out.

There's an apache HTTP server in my windows server, here's its banner:
HTTP/1.1 200 OK
Date: Mon, 27 Oct 2014 07:28:40 GMT
Server: Apache/2.2.13 (Win32)
Last-Modified: Sat, 20 Nov 2004 07:16:26 GMT
ETag: "1d0bb-2c-3e94b66c2e680"
Accept-Ranges: bytes
Content-Length: 44
Connection: close
Content-Type: text/html
X-Pad: avoid browser bug

Does the vulnerability exist in it? or is there a tool I can use to 
test the attack?


This vulnerability does not exist on the Windows platform.

Thanks,
Antu Sanadi



Thanks!


flymolon



___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] CVE-2014-8517

2014-11-04 Thread Antu Sanadi

Hi,

Because it has not been publicized, we don't have the NVT generated.
By tomorrow, we will commit the manually developed NVT.

Thank you!

Regards,
Antu Sanadi

 On Tuesday 04 November 2014 04:31 PM, flymolon wrote:
Yes, seems it's not been publicized yet. Any script even unofficial 
anyway?


Thanks!


flymolon

*From:* Mauro Risonho de Paula Assumpção
<mailto:mauro.riso...@gmail.com>
*Date:* 2014-11-04 18:50
*To:* flymolon <mailto:flymo...@qq.com>
*CC:* openvas-discuss <mailto:openvas-discuss@wald.intevation.org>
*Subject:* Re: [Openvas-discuss] CVE-2014-8517


On 04/11/2014 08:32, "flymolon" <mailto:flymo...@qq.com> wrote:
>
> Hi,

Hi,

> When will CVE-2014-8517 be detectable?
>
https://access.redhat.com/security/cve/CVE-2014-8517 ???

> Thanks!

Thanks!
>
> 
> flymolon
>
@firebitsbr

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Searching NVTs using the command line

2014-10-27 Thread Antu Sanadi

Hello,

Usually you will find all the plugins in 
"/usr/local/var/lib/openvas/plugins/*".


You can use "grep" here.

Thanks,
Antu Sanadi


On Monday 27 October 2014 03:17 AM, LIAD Mizrachi wrote:

Hi guys,


Is there a way to search for Plugins from the existing plugins on my 
machine ?



Thanks !
Liad M.





___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
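
The grep suggestion above, as an added example that is not part of the thread: it walks the plugins directory (year subdirectories included), matches a pattern line by line and reports each hit with the OID and name taken from the plugin's `script_oid()` and `script_name()` calls. The sample plugin files are constructed, and the OID in the first one is a placeholder.

```python
import os
import re
import tempfile

OID_RE = re.compile(r'script_oid\(\s*"([0-9.]+)"\s*\)')
NAME_RE = re.compile(r'script_name\(\s*"([^"]*)"\s*\)')

# Constructed sample tree. OIDs and names 10394 and 90022 are the ones quoted
# elsewhere on this page; everything else is made up for the example.
SAMPLE_PLUGINS = {
    "secpod_apache_mod_proxy_ftp_cmd_inj_vuln.nasl": (
        'if(description){\n'
        '  script_oid("1.3.6.1.4.1.25623.1.0.0");  # placeholder OID\n'
        '  script_cve_id("CVE-2009-3095");\n'
        '  script_name("Sample mod_proxy_ftp check");\n'
        '}\n'),
    "smb_login_sample.nasl": (
        'if(description){\n'
        '  script_oid("1.3.6.1.4.1.25623.1.0.10394");\n'
        '  script_name("SMB log in");\n'
        '}\n'),
    os.path.join("2014", "ssh_authorization_sample.nasl"): (
        'if(description){\n'
        '  script_oid("1.3.6.1.4.1.25623.1.0.90022");\n'
        '  script_name("SSH Authorization Check");\n'
        '}\n'),
}


def build_sample_tree(root):
    """Write SAMPLE_PLUGINS below root."""
    for rel, text in SAMPLE_PLUGINS.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="latin-1") as fh:
            fh.write(text)


def search_nvts(plugins_dir, pattern, literal=False, ignore_case=True):
    """Return one record per .nasl file with at least one matching line.

    literal=True treats pattern as a fixed string (like grep -F), which is
    what you want for OIDs: an unescaped '.' would match any character.
    """
    if literal:
        pattern = re.escape(pattern)
    rx = re.compile(pattern, re.IGNORECASE if ignore_case else 0)
    hits = []
    for root, _dirs, files in os.walk(plugins_dir):
        for fname in files:
            if not fname.endswith(".nasl"):
                continue
            path = os.path.join(root, fname)
            # latin-1 never fails to decode; older plugins are not all UTF-8.
            with open(path, encoding="latin-1") as fh:
                text = fh.read()
            lines = [no for no, line in enumerate(text.splitlines(), 1)
                     if rx.search(line)]
            if not lines:
                continue
            oid = OID_RE.search(text)
            name = NAME_RE.search(text)
            hits.append({
                "file": os.path.relpath(path, plugins_dir),
                "oid": oid.group(1) if oid else None,
                "name": name.group(1) if name else None,
                "lines": lines,
            })
    return sorted(hits, key=lambda h: h["file"])


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for hit in search_nvts(tmp, "CVE-2009-3095"):
            print(hit)
```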

Re: [Openvas-discuss] socket BUG?

2014-10-14 Thread Antu Sanadi

On Tuesday 14 October 2014 12:36 PM, flymolon wrote:

Hi,
the script 4553.nasl used soc = open_sock_tcp(target) without 
close(soc), is it a bug?


Yes, the socket needs to be closed here.

Thanks,
Antu

Thanks!


flymolon



___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Plugins Question

2014-09-22 Thread Antu Sanadi

On Monday 22 September 2014 05:56 PM, Turner, Jonas wrote:


I have tried four different credentials on MANY different machines and 
even a local laptop with a VERY generic password.  Results are always 
the same and never do anything differently.  I do see a 2014 and 2013 
folder in the plugins folder.  Do those get used?  Are those for the 
3rd party and windows updates?




I think it's not able to log in to the target machine. If it's able to log in, 
then it will surely detect all new and outdated vulnerable versions.

Please have a look at 
http://www.greenbone.net/learningcenter/auth_scans.html


Whatever subdirectories are present in the plugins directory will get used. 
These are only conventions for plugins which were developed in the 
respective year.


Your report should have the following (if login succeeds):

WINDOWS:
Summary
This script attempts to logon into the remote host using login/password 
credentials.

Vulnerability Detection Result
It was possible to log into the remote host using the SMB protocol.
Log Method
Details: SMB log in (OID: 1.3.6.1.4.1.25623.1.0.10394)

LINUX:
Summary
This script tries to login with provided credentials.
If the login was successful, it marks this port as available for any 
authenticated tests.

Vulnerability Detection Result
It was possible to login using the provided SSH credentials.
Hence authenticated checks are enabled.
Log Method
Details: SSH Authorization Check (OID: 1.3.6.1.4.1.25623.1.0.90022)

Please let me know if it does not work.

Thanks,
Antu Sanadi


*From:*Openvas-discuss 
[mailto:openvas-discuss-boun...@wald.intevation.org] *On Behalf Of 
*Antu Sanadi

*Sent:* Monday, September 22, 2014 4:33 AM
*To:* openvas-discuss@wald.intevation.org
*Subject:* Re: [Openvas-discuss] Plugins Question

Hello,

Yes, OpenVAS will detect outdated versions of 3rd party software.
Maybe your scan-config for credential scans is not proper.

Are you able to log in to the target machine?

Thanks,
Antu Sanadi



On Friday 19 September 2014 07:52 PM, Turner, Jonas wrote:

Do the plugins scan for outdated versions of 3rd party software
and missing OS patches?  I would assume the credentialed scans
would detect those missing and I would see results.  Reason why I
ask is because this is why I assume my credentialed scans don’t
work.  I am not seeing any of this information and my
non-credentialed and credentialed scans report back the same results.

*Jonas Turner │ Security Analyst II*

*Ph: 419.254.4890│Fax: 419.252.5557*

*E-mail: jotur...@hcr-manorcare.com
<mailto:jotur...@hcr-manorcare.com>*



___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
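
The reply above names two report entries that show a credentialed scan really logged in: OID 1.3.6.1.4.1.25623.1.0.10394 (SMB) and OID 1.3.6.1.4.1.25623.1.0.90022 (SSH). The following is an added example, not part of the thread, that checks a plain-text report for them; it assumes each result ends with a `Details: ... (OID: ...)` line as in the excerpt, and the sample report is constructed from the text quoted on this page.

```python
import re

# OID -> (protocol, success sentence), both taken from the reply above.
LOGIN_CHECKS = {
    "1.3.6.1.4.1.25623.1.0.10394":
        ("smb", "It was possible to log into the remote host using the SMB protocol."),
    "1.3.6.1.4.1.25623.1.0.90022":
        ("ssh", "It was possible to login using the provided SSH credentials."),
}

DETAILS_RE = re.compile(r"^Details:\s*(.+?)\s*\(OID:\s*([0-9.]+)\)\s*$")

# Constructed sample: the Windows entry from the reply plus one unrelated result.
SAMPLE_REPORT = """\
Summary
This script attempts to logon into the remote host using login/password
credentials.

Vulnerability Detection Result
It was possible to log into the remote host using the SMB
protocol.
Log Method
Details: SMB log in (OID: 1.3.6.1.4.1.25623.1.0.10394)

Summary
Constructed unrelated result.
Log Method
Details: Sample result (OID: 1.3.6.1.4.1.25623.1.0.902501)
"""


def split_results(report_text):
    """Yield (oid, name, body); body is the text above each Details line."""
    body = []
    for raw in report_text.splitlines():
        line = raw.strip()
        match = DETAILS_RE.match(line)
        if match:
            yield match.group(2), match.group(1), "\n".join(body)
            body = []
        else:
            body.append(line)


def login_status(report_text):
    """Return per-protocol status: 'ok', 'no-success-text' or 'missing'."""
    status = {proto: "missing" for proto, _ in LOGIN_CHECKS.values()}
    for oid, _name, body in split_results(report_text):
        if oid not in LOGIN_CHECKS:
            continue
        proto, success = LOGIN_CHECKS[oid]
        # Collapse whitespace first: mail and report wrapping split sentences.
        flat = " ".join(body.split())
        status[proto] = "ok" if success in flat else "no-success-text"
    return status


def credentialed_scan_worked(report_text):
    """True if at least one login check reported success."""
    return "ok" in login_status(report_text).values()


if __name__ == "__main__":
    print(login_status(SAMPLE_REPORT))
```

A report where both entries are `missing` matches the symptom described in the question: credentialed and non-credentialed scans returning the same results.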

Re: [Openvas-discuss] Plugins Question

2014-09-22 Thread Antu Sanadi

Hello,

Yes, OpenVAS will detect outdated versions of 3rd party software.
Maybe your scan-config for credential scans is not proper.

Are you able to log in to the target machine?

Thanks,
Antu Sanadi



On Friday 19 September 2014 07:52 PM, Turner, Jonas wrote:


Do the plugins scan for outdated versions of 3rd party software and 
missing OS patches?  I would assume the credentialed scans would 
detect those missing and I would see results.  Reason why I ask is 
because this is why I assume my credentialed scans don’t work.  I am 
not seeing any of this information and my non-credentialed and 
credentialed scans report back the same results.


*Jonas Turner │ Security Analyst II*

*Ph: 419.254.4890│Fax: 419.252.5557*

*E-mail: **jotur...@hcr-manorcare.com <mailto:jotur...@hcr-manorcare.com>*



___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] checks via ssh won't work with tcsh

2014-04-11 Thread Antu Sanadi

Hello Gerald,

It looks like the changes are simple. Let me fix this and test once.

Thanks
Antu Sanadi

On Thursday 10 April 2014 05:03 PM, Gerald Vogt wrote:

Hi!

When running scans I see that all hosts show several issues for libpng
and mozilla applications. However, reports show that something is wrong,
  e.g.:

High (CVSS: 7.5)
NVT: libpng vulnerability (OID: 1.3.6.1.4.1.25623.1.0.90021)

Details

Add Note

Add Override
Found : -a: Command not found.  Version : LANG=C: Command not found.
LC_ALL=C: Command not found.
-a:: Too many arguments.


This is because it runs "which -a libpng_config" to find the
libpng_config executable in the path. However, "which -a" won't work in
tcsh and the SSH account I can use to run local checks on the hosts has
tcsh as default shell.

So basically, these checks depend on "bash" or "sh" to be the login
shell of the account used. I think, instead the check should
specifically use /bin/sh to make the test and not rely on the login
shell set on the remote machine.

Can this be changed easily? We have this account on all hosts and it's
the easiest way to get ssh access...

Thanks,

Gerald


___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
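
Two defensive measures follow from the report above, shown here as an added example that is not the NVT's code and not part of the thread: run the check under `/bin/sh` explicitly so the account's login shell does not matter, and reject shell error text before reporting it as a path or version. The regular expressions and the "good" sample values are assumptions; the "bad" values are the ones quoted in the message.

```python
import re
import shlex

# Error texts printed by csh/tcsh and by POSIX shells when a word is not a
# command or an argument list is rejected.
SHELL_ERROR_RE = re.compile(
    r"Command not found\.|Too many arguments\.|: (command )?not found\s*$",
    re.MULTILINE)

# Assumed shape of a plausible version string, e.g. 1.2.44 or 1.6.37beta01.
VERSION_RE = re.compile(r"^\d+(\.\d+)+[A-Za-z0-9.\-]*$")

# Values quoted in the report in this thread.
THREAD_FOUND = "-a: Command not found."
THREAD_VERSION = ("LANG=C: Command not found.\n"
                  "LC_ALL=C: Command not found.\n"
                  "-a:: Too many arguments.")


def wrap_for_sh(command):
    """Build a command line that runs `command` under /bin/sh.

    The whole command becomes one single-quoted argument, so a tcsh login
    shell only has to start /bin/sh; it never parses 'VAR=value cmd' or
    other sh-only syntax itself.
    """
    return "/bin/sh -c " + shlex.quote(command)


def parse_tool_path(output):
    """Return the first absolute path in the output, or None.

    None is returned for empty output and for output that contains a shell
    error message instead of a path.
    """
    if SHELL_ERROR_RE.search(output):
        return None
    for line in output.splitlines():
        line = line.strip()
        if line.startswith("/"):
            return line
    return None


def validate_finding(found, version):
    """Accept a finding only if it has an absolute path and a sane version."""
    if SHELL_ERROR_RE.search(found) or SHELL_ERROR_RE.search(version):
        return False
    return (found.strip().startswith("/")
            and bool(VERSION_RE.match(version.strip())))


if __name__ == "__main__":
    print(wrap_for_sh("LANG=C LC_ALL=C which -a libpng_config"))
    print(validate_finding(THREAD_FOUND, THREAD_VERSION))         # shell errors
    print(validate_finding("/usr/bin/libpng-config", "1.2.44"))   # constructed
```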


Re: [Openvas-discuss] gb_ibm_lotus_symphony_detect_lin.nasl always uses find

2014-04-11 Thread Antu Sanadi

Hello Gerald,

Let me have a look at this and fix the issue.

Thanks for reporting.

Regards,
Antu  Sanadi


On Friday 11 April 2014 01:50 PM, Gerald Vogt wrote:

Hi!

As we have a quite large storage system on some of our servers I have
disabled find for local security checks.

However, I found that gb_ibm_lotus_symphony_detect_lin.nasl runs

"find / -name about.mappings -type f"

I think gb_ibm_lotus_symphony_detect_lin.nasl should honor the lsc find
configuration (and the xdev as well).

Thanks,

Gerald

P.S.: is this list the best place to report things like that?

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss


Re: [Openvas-discuss] NVT issue - Misdetection?

2014-01-17 Thread Antu Sanadi

  
  
Hello Tom,

On Wednesday 15 January 2014 09:52 PM, Tom Powers wrote:

Sound Solutions, Inc.
8400 Highland Dr.
Wausau, WI 54401
Tel: 715-842-7665
Fax: 715-842-7620

Hello OVAS….

We are seeing this NVT misdetecting on all machines after a recent NVT sync

NVT: Microsoft JScript and VBScript Scripting Engines Remote Code Execution Vulnerab... (OID: 1.3.6.1.4.1.25623.1.0.902501)


We have tested this again on Windows 7 SP1 and are not able to reproduce
the issue.


It's saying MS 11-031 is missing. MS-11-031 was superseded by 12-056.  When we check windows update against these machines, even Windows doesn't show it as needed.


MS11-031 is not completely superseded by
MS12-056, hence we need to install the MS11-031 patch also,
and we are not sure why Windows update is not listing it.

Thanks,
AnTu

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] False Positive #4 ?

2012-03-22 Thread Antu Sanadi


  
  
Hi,

Thanks for reporting. Fixed the issue and committed
the updated plugin.

Please let me know if you find any issues.

Regards,
Antu S

On Wednesday 21 March 2012 10:55 PM, Tom Powers wrote:

Hello,

This NVT http://openvas.komma-nix.de/nasl.php?oid=900568 is showing up on our machines and is saying we need patch ms09-023….however…Microsoft Updates does not agree.

What can we do to verify this NVT as Microsoft Updates and our Shavlik Patching system do not show it as a patch needing to be installed?

Thanks

Tom P




-- 
Antu Sanadi | Security Research Analyst
SecPod Technologies Pvt. Ltd | http://www.secpod.com/ 
1354, 3rd Floor|9th Cross, 80ft Road, 33rd Main,
1st Phase, JP Nagar| Bangalore - 560078 |India



  

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] False Positive Notification

2012-03-22 Thread Antu Sanadi


  
  
Hello Tom,


It's not dealing with WAB.EXE. It is checking the version from the
registry for Microsoft Address Book, and moreover it is related to wab32res.dll.
This vulnerability is still not fixed.

So obviously it will report the vulnerability.

Thanks,
Antu S


On Wednesday 21 March 2012 09:17 PM, Tom Powers wrote:

Hello:

In the past…I have found some NVTs that didn't work and submitted them here. If this is still the right way to do this…I will continue as I have a few to post.

If not…please let me know the proper protocol.

I have found a misdetection in this NVT:

http://openvas.komma-nix.de/index.php?oid=801457

It deals with the version of the WAB.EXE file.  The patched version is 6.0.2900.6040

The test is looking for test_version:"6.0.2900.5512"

Yet it still shows the vulnerability as being there, even though the revision is higher than the test.

Can we have that looked at?

Thanks

Tom P


    
    
-- 
Antu Sanadi | Security Research Analyst
SecPod Technologies Pvt. Ltd | http://www.secpod.com/ 
1354, 3rd Floor|9th Cross, 80ft Road, 33rd Main,
1st Phase, JP Nagar| Bangalore - 560078 |India



  

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] NVT #3 deprecated yet still showing up

2012-03-21 Thread Antu Sanadi


  
  
Hi,

Thanks for reporting. I will look at this.
Can you give more details about test cases?

I have tested here; it is working fine.
It is not reporting any security warning or hole.

Regards,
Antu S


On Wednesday 21 March 2012 10:18 PM, Tom Powers wrote:

Hello

This NVT http://openvas.komma-nix.de/nasl.php?oid=800176 still shows up even though it was deprecated by MS10-018.nasl

All help is appreciated

Tom P




-- 
Antu Sanadi | Security Research Analyst
SecPod Technologies Pvt. Ltd | http://www.secpod.com/ 
1354, 3rd Floor|9th Cross, 80ft Road, 33rd Main,
1st Phase, JP Nagar| Bangalore - 560078 |India



  

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] About Test HTTP dangerous methods

2012-02-02 Thread Antu Sanadi

Hi,

The plugin works fine. I didn't find any false positives.

Case 1:
Here, after the PUT request, it checks for file existence.
If the file exists, then it will be deleted.

Case 2:
If the file does not exist, it checks for PUT in the response.
So this won't be a false positive.
Regards,
Antu Sanadi
SecPod Technologies Pvt Ltd

On Friday 03 February 2012 08:34 AM, sight In wrote:

Hi folks

about the NVT rule
Test HTTP dangerous methods
 1.3.6.1.4.1.25623.1.0.10498

I think the way it identifies the HTTP methods PUT and DELETE always causes 
false positives.

Has somebody encountered the same problem?

Thanks




___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] ERROR: The number of NVTs in the OpenVAS Manager database is too low

2011-12-13 Thread Antu Sanadi


  
  
Ok. How many plugins do you have in the Plugins directory?
And make sure you run openvasmd --rebuild after openvas-nvt-sync.

Regards,
Antu Sanadi
SecPod Technologies Pvt Ltd


On Tuesday 13 December 2011 01:27 PM, Prashant Srivastava wrote:

Yes I did

Thanks & Regards
Prashant Srivastava
+91-9910130880
Ext: 2356 (GGN) 6575 (Noida)

From: openvas-discuss-boun...@wald.intevation.org [mailto:openvas-discuss-boun...@wald.intevation.org] On Behalf Of Antu Sanadi
Sent: Tuesday, December 13, 2011 12:56 PM
To: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] ERROR: The number of NVTs in the OpenVAS Manager database is too low

Hi,

Did you run openvas-nvt-sync after installing OpenVAS?

Regards,
Antu Sanadi
SecPod Technologies Pvt Ltd

On Tuesday 13 December 2011 12:10 PM, Prashant Srivastava wrote:

HI

I am installing openVas-4 on my RHEL 5 and getting the below error

Checking OpenVAS Manager ...
OK: OpenVAS Manager is present in version 2.0.4.
OK: OpenVAS Manager client certificate is present as /var/lib/openvas/CA/clientcert.pem.
OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
OK: Access rights for the OpenVAS Manager database are correct.
OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled.
OK: OpenVAS Manager database is at revision 41.
OK: OpenVAS Manager expects database at revision 41.
OK: Database schema is up to date.
ERROR: The number of NVTs in the OpenVAS Manager database is too low.
FIX: Make sure OpenVAS Scanner is running with an up-to-date NVT collection and run 'openvasmd --rebuild'.

Please help

Thanks & Regards
Prashant Srivastava
DISCLAIMER AND PRIVILEGE NOTICE: This e-mail message contains
confidential, copyright, proprietary and legally privileged
information. It should not be used by anyone who is not the original
intended recipient. If you have erroneously received this message,
please delete it immediately and notify the sender. The recipient must
note and understand that any views expressed in this message are those
of the individual sender and no binding nature of the message shall be
implied or assumed unless the sender does so expressly with due
authority of BCCL subsidiaries and associated companies, Collectively
Times Group.
 
 


Re: [Openvas-discuss] ERROR: The number of NVTs in the OpenVAS Manager database is too low

2011-12-12 Thread Antu Sanadi

Hi,

Did you run openvas-nvt-sync after installing OpenVAS?

Regards,
Antu Sanadi
SecPod Technologies Pvt Ltd

On Tuesday 13 December 2011 12:10 PM, Prashant Srivastava wrote:


HI

I am installing openVas-4 on my RHEL 5 and getting the below error

Checking OpenVAS Manager ...

OK: OpenVAS Manager is present in version 2.0.4.
OK: OpenVAS Manager client certificate is present as /var/lib/openvas/CA/clientcert.pem.
OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
OK: Access rights for the OpenVAS Manager database are correct.
OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled.
OK: OpenVAS Manager database is at revision 41.
OK: OpenVAS Manager expects database at revision 41.
OK: Database schema is up to date.
ERROR: The number of NVTs in the OpenVAS Manager database is too low.
FIX: Make sure OpenVAS Scanner is running with an up-to-date NVT collection and run 'openvasmd --rebuild'.


Please help

 Thanks & Regards

 Prashant Srivastava



[Openvas-discuss] header intact

2009-04-06 Thread Antu Sanadi
