On Apr 19, 2007, at 3:32 PM, Scott Pate wrote:
> I'm trying to understand how certain KB entries are used. Or more
> specifically, why certain plugins are not reporting. I scanned a
> host that had sendmail 8.12.8 according to Nessus. Plugin 11499
> supposedly reports a buffer overflow based on service version
> number which in this case, would make my server vulnerable, yet as
> far as I can tell, Nessus did not report the vuln b/c of the KB
> entry for BID-8641.
>
> Nothing in the report mentioned this vuln or BID-8641. So my
> question is what is the purpose of this entry in the KB if it keeps
> the plugin from running and is apparently not used for the report.

Actually this is the opposite -- the plugin will not report the flaw
when the key "BID-8641" is set.

This key is set by local checks which determine that the patch for this
particular issue has indeed been installed -- for instance, if your
box is a Solaris 8 x86 server with patch 110616-17 installed, then it
is not vulnerable to this flaw.

This mechanism is used because not all vendors upgrade the version of
vulnerable software when they patch it (actually, nearly none of them
do). Which means that even though your sendmail banner says "8.12.8",
it might actually be 8.12.8 + the security patches from 8.12.9.

-- Renaud
_______________________________________________
Nessus mailing list
http://mail.nessus.org/mailman/listinfo/nessus
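
The mechanism described in the reply above, modelled in Python as an added example (it is not Nessus plugin code and not part of the original thread): a local check sets the KB key, and the banner-based check then stays silent. The function names, the dict used as a KB, the 8.12.9 threshold, the revision comparison and the sample banner are assumptions made for illustration.

```python
import re

# Constructed model of the knowledge base (KB) plugins share during one host scan.
# Only the key name, patch id and version strings come from the thread.
PATCH_KEY = "BID-8641"
FIXED_IN = (8, 12, 9)  # assumed threshold: release whose fixes the reply mentions

# Constructed sample greeting, not captured from a real host.
BANNER = "220 mail.example.com ESMTP Sendmail 8.12.8/8.12.8; Thu, 19 Apr 2007 15:32:00"


def parse_banner_version(banner):
    """Extract the sendmail version tuple from an SMTP greeting, or None."""
    m = re.search(r"Sendmail\s+(\d+)\.(\d+)\.(\d+)", banner, re.IGNORECASE)
    return tuple(int(x) for x in m.groups()) if m else None


def local_patch_check(kb, installed_patches, fixing_patch):
    """Local check: set the KB key when the vendor fix is installed."""
    # Assumption: patch ids are "base-revision" and a higher revision
    # of the same base includes the fixes of a lower one.
    base, rev = fixing_patch.split("-")
    for patch in installed_patches:
        b, r = patch.split("-")
        if b == base and int(r) >= int(rev):
            kb[PATCH_KEY] = True
            return True
    return False


def banner_check(kb, banner):
    """Remote check: judge by banner version unless the KB key is set."""
    if kb.get(PATCH_KEY):
        return "suppressed: local check confirmed the patch"
    version = parse_banner_version(banner)
    if version is None:
        return "not sendmail"
    return "vulnerable (banner only)" if version < FIXED_IN else "not vulnerable"


if __name__ == "__main__":
    for patches in (["110616-09"], ["110616-17"]):
        kb = {}
        local_patch_check(kb, patches, "110616-17")
        print(patches, "->", banner_check(kb, BANNER))
```

With no local check results (an uncredentialed scan in this model), the KB stays empty and the banner alone decides, which is where a backported fix shows up as a false positive.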