Seems like there's not much help on this list for Solaris users... :-( I ran into this issue as well, and my best guess is that the logic within the .nasl script is not well written enough to check whether a patch was obsoleted by a newer patch, and if the newer patch was installed. I think the author took the safe approach and checks for both versions of the patch, old and new.
It's much safer to throw a false positive than to have a false negative. Also, one more nitpick/complaint: It would be great if Nessus could check the patch level of my sendmail on a Solaris box and not throw a false alarm for a vulnerable sendmail when I'm already patched. I know the sendmail check is probably a separate script so that is why they can't do it, but it would save me the hassle of having to look up the CVE number at cert.org and check the patch number just to verify it is a false positive. Cheers, Luke -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Heard Sent: Wednesday, April 13, 2005 7:27 PM To: [email protected] Subject: False Positives for solaris 9 Security Patches I am getting false positives for the following Solaris 9 Security Patches: Nessus plugin ID 13539 Nessus is reporting Patch 113475-03 as missing. Patch 113475-03 is obsoleted by 112874-23 http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-11347 5-03-1 Nessus Plugin ID 13540 Nessus is reporting Patch 113492-04 as missing. Patch 113492-04 is obsoleted by 113073-13 http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-11349 2-04-1 Any ideas why these are being reported incorrectly? Peter Heard _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
