On Thu, Feb 26, 2004 at 12:25:35AM -0800, Van Eck wrote:
> 1) i was going thru the cve list (cve.mitre.org) and
> it contains close to 6,500 vuls. why is it then that
> nessus only has about 2,000... have the remaining vuls
> have been left out intentionally for not being useful
> enough or is it just the sheer number vuls that makes
> it hard to catch up with and write an exploit/check
> for?
A _lot_ of the CVE vulns are local only - ie: not network related, and
there's no way to remotely determine if /usr/sbin/mount is vulnerable to
a buffer overflow or not.
Also, a lot of the Nessus checks cover more than one CVE entry.
> 2) one of the postings on the forums mentioned that
> knowing the application version number was *NOT*
> important in launching the attack. does this mean that
> if an ftp service is detected, ALL ftp attacks are
> launched, regardless of the ftp application version?
There's no general answer to that. Some FTP checks only rely on the
banner, but other on behavior. And some FTP "attacks" apply to a lot of
FTP servers. And on top of all that, the optimization and safe checks
options will modify the behavior of some plugins
-- Renaud
_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
