Hello Marco, Thanks for reporting. There was a bug in the code which is fixed now. Please get the latest code from svn.
Thanks, Chandra. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Marco Schaerfke Sent: Wednesday, April 15, 2009 7:55 PM To: [email protected] Subject: [Openvas-discuss] False positive security holes ? Dear all, I have a problem to understand openvas messages. I would like to give an example. After a scan I found the following security hole on my PC: Overview: This host is running WinAsm Studio and is prone to Heap Overflow Vulnerability. CVSS Score: CVSS Base Score : 9.0 (AV:N/AC:L/Au:NR/C:P/I:P/A:C) CVSS Temporal Score : 8.1 Risk factor: Critical OpenVAS ID : 1.3.6.1.4.1.25623.1.0.900532 <http://www.openvas.org/?oid=1.3.6.1.4.1.25623.1.0.900532> With the OpenVas link I found the NVT responsible for the security warnings: (openvas: trunk/openvas-plugins/scripts/secpod_winasm_studio_wap_bof_vuln.nasl) I am not a expert but I think that the code looks for the presence of the file WinAsm.exe winasmPath1 = progDir + "\WinAsm\WinAsm.exe"; winasmPath2 = progDir - "Program Files" + "\WinAsm\WinAsm.exe"; foreach path (make_list(winasmPath1, winasmPath2)) { share = ereg_replace(pattern:"([A-Z]):.*",replace:"\1$",string:path); file = ereg_replace(pattern:"[A-Z]:(.*)",replace:"\1",string:path); version = GetVer(file:file, share:share); if(version != NULL){ break; } if(version_is_less_equal(version:version, test_version:"5.1.5.0")){ security_hole(0); } I look with help of the explorer also for that file, but I am unable to find it. Could it be that the code above is wrong ? Thanks for help. Cheers Marco } _______________________________________________ Openvas-discuss mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss _______________________________________________ Openvas-discuss mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
