Hello Running Nessus against Solaris boxes with local security checks enabled leads to poorly exploitable results.
I don't blame Nessus about this, but the naming scheme of Sun does not allow to know whether the missing patches are recent ones : "normally" unpatched or old ones showing up a problem in update process. > The remote host is missing Sun Security Patch number 126868-01 (SunOS > 5.10: SunFreeware bzip2 patch). > > You should install this patch for your system to be up-to-date. > > *Solution :* > http://sunsolve.sun.com/search/document.do?assetkey=1-21-126868-01-1 > *Risk factor :* High > > *Plugin output :* Missing patch : 126868-01 (No previous revision of > this patch has been installed) > > List of affected packages : - SUNWbzip, version : > 11.10.0,REV=2005.01.08.05.16 > > > Nessus ID : 27074 > <http://www.nessus.org/plugins/index.php?view=single&id=27074> If I go to the Sunsolve site, I get : > *Document Audience:* PUBLIC *Document ID:* 126868-01 *Title:* SunOS > 5.10: SunFreeware bzip2 patch *Copyright Notice:* Copyright © 2007 > Sun Microsystems, Inc. All Rights Reserved *Update Date:* Mon Oct 15 > 09:33:10 MDT 2007 > So I can see this is a rather recent patch. If the DATE of either the Sun Update or of the plugin creation appears in the report, it can help a lot. Thanks -- Cordialement / Mit freundlichen Grüßen / Best regards, Patrice ARNAL Alcatel-Lucent _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
