Nessus is now reporting multiple false-positives for AIX 5.3. The same false-positives are showing up on approximately 20 of our 46 AIX systems. SECTION 1 below shows the patches Nessus reports missing for a particular system (extraneous text removed after the first example). SECTION 2 shows a manual patch audit of the same system. Every single patch Nessus reported as missing is a false-positive. SECTION 1 Vulnerability found on port general/tcp The remote host is missing AIX Critical Security Patch number IY55789 (SECURITY: Symlink vulnerability in console commands). You should install this patch for your system to be up-to-date. Solution : http://www-912.ibm.com/eserver/support/fixes/ Risk factor : High Nessus ID : 14438 The remote host is missing AIX Critical Security Patch number IY49883 The remote host is missing AIX Critical Security Patch number IY64976 The remote host is missing AIX Critical Security Patch number IY48657 The remote host is missing AIX Critical Security Patch number IY48873 The remote host is missing AIX Critical Security Patch number IY49781 The remote host is missing AIX Critical Security Patch number IY48638 The remote host is missing AIX Critical Security Patch number IY68464 The remote host is missing AIX Critical Security Patch number IY48149 The remote host is missing AIX Critical Security Patch number IY44288 The remote host is missing AIX Critical Security Patch number IY55682 The remote host is missing AIX Critical Security Patch number IY51569 The remote host is missing AIX Critical Security Patch number IY44188 The remote host is missing AIX Critical Security Patch number IY51775 The remote host is missing AIX Critical Security Patch number IY45367 The remote host is missing AIX Critical Security Patch number IY43963 The remote host is missing AIX Critical Security Patch number IY44178 The remote host is missing AIX Critical Security Patch number IY46086 The remote host is missing AIX Critical Security Patch number IY64355 The remote host is missing AIX Critical Security Patch number IY45329 The remote host is missing AIX Critical Security Patch number IY53519 The remote host is missing AIX Critical Security Patch number IY59206 The remote host is missing AIX Critical Security Patch number IY44716 The remote host is missing AIX Critical Security Patch number IY43806 The remote host is missing AIX Critical Security Patch number IY44175 The remote host is missing AIX Critical Security Patch number IY45453 The remote host is missing AIX Critical Security Patch number IY53552 The remote host is missing AIX Critical Security Patch number IY51518 The remote host is missing AIX Critical Security Patch number IY64523 The remote host is missing AIX Critical Security Patch number IY44183 The remote host is missing AIX Critical Security Patch number IY44192 The remote host is missing AIX Critical Security Patch number IY46702 The remote host is missing AIX Critical Security Patch number IY44190 The remote host is missing AIX Critical Security Patch number IY44810 The remote host is missing AIX Critical Security Patch number IY44701 The remote host is missing AIX Critical Security Patch number IY44530 The remote host is missing AIX Critical Security Patch number IY50452 The remote host is missing AIX Critical Security Patch number IY70027 The remote host is missing AIX Critical Security Patch number IY52242 The remote host is missing AIX Critical Security Patch number IY44203 The remote host is missing AIX Critical Security Patch number IY44211 SECTION 2 > for each in `cat poo.list` > do > instfix -ivk $each > done IY55789 Abstract: symlink vulnerability in console commands Fileset bos.rte.console:5.2.0.11 is applied on the system. Fileset bos.rte.serv_aid:5.2.0.31 is applied on the system. All filesets for IY55789 were found. IY49883 Abstract: SECURITY: aniti-cache poison techniques to negative answers Fileset bos.net.tcp.server:5.2.0.16 is applied on the system. All filesets for IY49883 were found. IY64976 Abstract: Security vulnerability in lsvpd Fileset bos.rte.methods:5.2.0.52 is applied on the system. All filesets for IY64976 were found. IY48657 Abstract: Sendmail prescan() vulnerability. Fileset bos.net.tcp.client:5.2.0.15 is applied on the system. All filesets for IY48657 were found. IY48873 Abstract: Method error when running cfgmgr Fileset devices.pci.14106602.rte:5.2.0.12 is applied on the system. Fileset devices.pci.14107802.rte:5.2.0.2 is applied on the system. All filesets for IY48873 were found. IY49781 Abstract: Coredump in libc while running SAP applications Fileset bos.adt.prof:5.2.0.16 is applied on the system. Fileset bos.rte.libc:5.2.0.16 is applied on the system. All filesets for IY49781 were found. IY48638 Abstract: find -mtime does not select all applicable files Fileset bos.rte.commands:5.2.0.14 is applied on the system. All filesets for IY48638 were found. IY68464 Abstract: SECURITY: Local root exploits in perl 5.8.x Fileset perl.rte:5.8.0.11 is applied on the system. All filesets for IY68464 were found. IY48149 Abstract: AUTOFS: SYSTEM CRASH IN AIX2ONC_RELE Fileset bos.net.nfs.client:5.2.0.15 is applied on the system. All filesets for IY48149 were found. IY44288 Abstract: Memory overlay in FCP driver Fileset devices.pci.df1000f7.com:5.2.0.11 is applied on the system. All filesets for IY44288 were found. IY55682 Abstract: SECURITY: Possible buffer overflow in putlvcb command Fileset bos.rte.lvm:5.2.0.31 is applied on the system. All filesets for IY55682 were found. IY51569 Abstract: packet trace shows pauses before resuming send Fileset bos.net.tcp.client:5.2.0.30 is applied on the system. All filesets for IY51569 were found. IY44188 Abstract: System dump on reboot after nim install Fileset bos.sysmgt.serv_aid:5.2.0.11 is applied on the system. All filesets for IY44188 were found. IY51775 Abstract: GATED DELETES BROADCAST ROUTES Fileset bos.net.tcp.client:5.2.0.30 is applied on the system. All filesets for IY51775 were found. IY45367 Abstract: file command modifies mtime, ctime and atime of files Fileset bos.rte.commands:5.2.0.11 is applied on the system. All filesets for IY45367 were found. IY43963 Abstract: crash in find_dir_name Fileset bos.mp:5.2.0.12 is applied on the system. Fileset bos.mp64:5.2.0.12 is applied on the system. Fileset bos.up:5.2.0.12 is applied on the system. All filesets for IY43963 were found. IY44178 Abstract: setlocale() does not change LC_MONETARY items Fileset bos.adt.prof:5.2.0.11 is applied on the system. Fileset bos.rte.libc:5.2.0.11 is applied on the system. All filesets for IY44178 were found. IY46086 Abstract: File ops through Desc & Stream causes problems. Fileset bos.adt.prof:5.2.0.13 is applied on the system. Fileset bos.rte.libc:5.2.0.13 is applied on the system. All filesets for IY46086 were found. IY64355 Abstract: SECURITY: Possible security exposure in chcod command Fileset devices.chrp.base.rte:5.2.0.52 is applied on the system. All filesets for IY64355 were found. IY45329 Abstract: SECURITY: Format string vulnerability in /usr/bin/enq & LP Fileset bos.rte.printers:5.2.0.11 is applied on the system. All filesets for IY45329 were found. IY53519 Abstract: SECURITY: Buffer overflow in X-Windows font library Fileset X11.apps.rte:5.2.0.30 is applied on the system. Fileset X11.base.rte:5.2.0.30 is applied on the system. Fileset X11.fnt.fontServer is not applied on the system. All filesets for IY53519 were found. IY59206 Abstract: /sbin/rc.boot insecurely handles temporary files. Fileset bos.alt_disk_install.rte:5.2.0.41 is applied on the system. Fileset bos.rte.boot:5.2.0.41 is applied on the system. Fileset bos.rte.install:5.2.0.41 is applied on the system. All filesets for IY59206 were found. IY44716 Abstract: HANG DUE TO LOOPING IN IPINTR Fileset bos.net.tcp.client:5.2.0.12 is applied on the system. All filesets for IY44716 were found. IY43806 Abstract: Data corruption while building large database Fileset devices.fcp.disk.array.rte:5.2.0.11 is applied on the system. All filesets for IY43806 were found. IY44175 Abstract: Programs using the RPC svcfs_create interface may hang Fileset bos.adt.prof:5.2.0.11 is applied on the system. Fileset bos.rte.libc:5.2.0.11 is applied on the system. All filesets for IY44175 were found. IY45453 Abstract: FED LoadL_startd hangs when canceling process scope thread Fileset bos.adt.prof:5.2.0.12 is applied on the system. Fileset bos.rte.libpthreads:5.2.0.12 is applied on the system. All filesets for IY45453 were found. IY53552 Abstract: date command cannot set February 29 of a leap year Fileset bos.rte.date:5.2.0.30 is applied on the system. All filesets for IY53552 were found. IY51518 Abstract: Stale RPI leads to bad PDISCs. Fileset devices.pci.df1000f7.com:5.2.0.30 is applied on the system. All filesets for IY51518 were found. IY64523 Abstract: Security vulnerability in diag. commands. Fileset bos.rte.diag:5.2.0.51 is applied on the system. All filesets for IY64523 were found. IY44183 Abstract: LL/POE bmaxdata jobs fail due to changed hard stack limit Fileset bos.mp:5.2.0.11 is applied on the system. Fileset bos.mp64:5.2.0.11 is applied on the system. Fileset bos.up:5.2.0.11 is applied on the system. All filesets for IY44183 were found. IY44192 Abstract: YPXFR BACKWARDS COMPATIBILITY Fileset bos.net.nis.server:5.2.0.11 is applied on the system. All filesets for IY44192 were found. IY46702 Abstract: CRASH IN REMQUE Fileset bos.net.tcp.client:5.2.0.13 is applied on the system. All filesets for IY46702 were found. IY44190 Abstract: nfs acl's fail on 64 bit kernel Fileset bos.net.nfs.client:5.2.0.11 is applied on the system. All filesets for IY44190 were found. IY44810 Abstract: DSI in bmRecycle Fileset bos.mp:5.2.0.12 is applied on the system. Fileset bos.mp64:5.2.0.12 is applied on the system. Fileset bos.up:5.2.0.12 is applied on the system. All filesets for IY44810 were found. IY44701 Abstract: Problems with pax command with multiple listopt options Fileset bos.rte.archive:5.2.0.11 is applied on the system. All filesets for IY44701 were found. IY44530 Abstract: NFS:NFSO -H SM_REGISTER <HOSTNAME> GIVES ERROR Fileset bos.net.nfs.client:5.2.0.12 is applied on the system. All filesets for IY44530 were found. IY50452 Abstract: LQUERYVG CAN FAIL FOR A BIGVG Fileset bos.rte.lvm:5.2.0.17 is applied on the system. All filesets for IY50452 were found. IY70027 Abstract: Attacks against TCP via ICMP Fileset bos.net.tcp.client:5.2.0.61 is applied on the system. Fileset bos.perf.tune:5.2.0.61 is applied on the system. All filesets for IY70027 were found. IY52242 Abstract: logredo core dump if j2 log greater than 2GB Fileset bos.rte.filesystem:5.2.0.30 is applied on the system. Fileset bos.adt.include:5.2.0.30 is applied on the system. All filesets for IY52242 were found. IY44203 Abstract: syslogd core dumps if required rotation of multiple logfile Fileset bos.net.tcp.client:5.2.0.11 is applied on the system. All filesets for IY44203 were found. IY44211 Abstract: filemon failures on 64 bit kernel Fileset bos.perf.tools:5.2.0.11 is applied on the system. All filesets for IY44211 were found.
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
