Possible False Positives Scanning 64 bit Red Hat Systems

Thu, 21 Jun 2007 08:02:09 -0700 

I have googled and searched the list, and haven't found anything related to 
what I am seeing. I am scanning some 64 Bit Red Hat boxes, and they are coming 
up with a number of False Positive vulnerabilities. I scanned one of these 
machines a few weeks ago, and didn't notice this problem. I'm on the 14 day 
delay, and I just updated yesterday.One of the many plugins that are coming 
back vulnerable is 18441. Looking at the code, it appears that this check is 
looking for the 
following:dbus-0.22-12.EL.2dbus-devel-0.22-12.EL.2dbus-glib-0.22-12.EL.2dbus-python-0.22-12.EL.2dbus-x11-0.22-12.EL.2But
 when I look on the affected system, these packages do not appear to be 
present:[EMAIL PROTECTED] ~]$ rpm -qa --qf 
'%{NAME}-%{VERSION}-%{RELEASE}|%{EPOCH}\n' | grep 
dbusdbus-devel-0.22-12.EL.9|(none)dbus-0.22-12.EL.9|(none)dbus-0.22-12.EL.9|(none)dbus-x11-0.22-12.EL.9|(none)dbus-python-0.22-12.EL.9|(none)dbus-glib-0.22-12.EL.9|(none)dbus-glib-0.22-12.EL.9|(none)Another
 example, # 19390. This check is looking 
for:irb-1.8.1-7.EL4.1ruby-1.8.1-7.EL4.1ruby-devel-1.8.1-7.EL4.1ruby-docs-1.8.1-7.EL4.1ruby-libs-1.8.1-7.EL4.1ruby-mode-1.8.1-7.EL4.1ruby-tcltk-1.8.1-7.EL4.1On
 my machine:[EMAIL PROTECTED] ~]$ rpm -qa --qf 
'%{NAME}-%{VERSION}-%{RELEASE}|%{EPOCH}\n' | grep 
rubyruby-libs-1.8.1-7.EL4.8|(none)[EMAIL PROTECTED] ~]$ rpm -qa --qf 
'%{NAME}-%{VERSION}-%{RELEASE}|%{EPOCH}\n' | grep [EMAIL PROTECTED] ~]$Other 
information from the machine being scanned:cat /etc/redhat-release = Red Hat 
Enterprise Linux AS release 4 (Nahant Update 5)uname -m = x86_64uname -a = 
Linux thebox.somewhere.net 2.6.9-55.ELsmp #1 SMP Fri Apr 20 16:36:54 EDT 2007 
x86_64 x86_64 x86_64 GNU/LinuxScanner Host:nessus (Nessus) 3.0.5 for 
Linux2.6.9-55.ELsmp #1 SMP Fri Apr 20 17:03:35 EDT 2007 i686 i686 i386 
GNU/LinuxRed Hat Enterprise Linux WS release 4 (Nahant Update 5)This is my 
first post to the list, so if you need more info, please let me know.Thanks.
_________________________________________________________________
Live Earth is coming.  Learn more about the hottest summer event - only on MSN.
http://liveearth.msn.com?source=msntaglineliveearthwlm
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus

Reply via email to