On Thu, Apr 14, 2005 at 10:23:47AM -0400, Luke Youngblood wrote:
> I ran into this issue as well, and my best guess is that the logic within
> the .nasl script is not well written enough to check whether a patch was
> obsoleted by a newer patch, and if the newer patch was installed. I think
> the author took the safe approach and checks for both versions of the patch,
> old and new.
Actually, there is some logic for superseeded patches. There was an
issue with the way some plugins were written - it's fixed now.
> Also, one more nitpick/complaint: It would be great if Nessus could check
> the patch level of my sendmail on a Solaris box and not throw a false alarm
> for a vulnerable sendmail when I'm already patched. I know the sendmail
> check is probably a separate script so that is why they can't do it, but it
> would save me the hassle of having to look up the CVE number at cert.org and
> check the patch number just to verify it is a false positive.
Working on this - we actually already do it for a couple of plugins, but
if you have specific CVE's, let me know.
-- Renaud
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
