2011/12/28 Moritz Mühlenhoff <[email protected]>

> Dave Henley <[email protected]> wrote:
> > I recently installed a Debian Squeeze system along with apache2 and PHP5.
> > The system is fully up-to-date and the following php packages are
> > installed
>
> Nearly all Nessus checks are junk; they only check version
> numbers, but not whether a vulnerability has actually been fixed.
>
>
In order to try to be more accurate, you could enable the "Thorough scan"
option in Nessus. Disabling the "safe checks" option might help, so Nessus
does not rely (only) on version numbers and banners but actually tries to
exploit the vulnerability (depending on how the NASL script/plugin is
written, of course). However, if there is a denial of service vulnerability
or any other that might impact running services, these might be affected,
and maybe the service would have to be restarted or even the host rebooted
(for example, if it's a vulnerability that crashes the OS).


> Since we address security vulnerabilities with backports this
> leads to numerous false positives.
>
> Cheers,
>        Moritz
>
>
>
Best Regards,

-- 
Jonás Andradas
GPG Fingerprint:  678F 7BD0 83C3 28CE 9E8F
                           3F7F 4D87 9996 E0C6 9372
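
Added example, not part of the original messages: the false positives discussed in this thread arise when a check compares only the upstream version shown in a banner, while the fix was backported into a newer package revision of the same upstream version. The Python code below orders versions the way dpkg does and uses that to triage such a finding; the function names and every version string are constructed for illustration.

```python
def _order(c):
    # dpkg order for non-digits: '~', then end of string, letters, other symbols.
    if c == "" or c.isdigit():
        return 0
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run: compare character by character.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac, bc = _order(a[i:i + 1]), _order(b[j:j + 1])
            if ac != bc:
                return -1 if ac < bc else 1
            i, j = i + 1, j + 1
        # Digit run: compare numerically (an empty run counts as 0).
        m, n = i, j
        while m < len(a) and a[m].isdigit():
            m += 1
        while n < len(b) and b[n].isdigit():
            n += 1
        x, y = int(a[i:m] or 0), int(b[j:n] or 0)
        if x != y:
            return -1 if x < y else 1
        i, j = m, n
    return 0

def deb_cmp(a, b):
    """Order two Debian versions ([epoch:]upstream[-revision]): -1, 0 or 1."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), upstream, rev
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def triage(banner, installed, upstream_fixed, distro_fixed):
    """Classify a finding from a check that only compares banner versions."""
    if deb_cmp(banner, upstream_fixed) >= 0:
        return "not flagged"
    if deb_cmp(installed, distro_fixed) >= 0:
        return "false positive: fix backported"
    return "likely vulnerable"

# Constructed sample: banner 1.2.3, upstream fix 1.2.9, backport 1.2.3-7+squeeze2.
for pkg in ("1.2.3-7+squeeze3", "1.2.3-7+squeeze1"):
    print(pkg, "->", triage("1.2.3", pkg, "1.2.9", "1.2.3-7+squeeze2"))
```

The `distro_fixed` value has to come from the distribution's own security advisories for the package; the banner alone cannot distinguish the two sample packages.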
