[Openvas-discuss] Openvas local checks and old linux Kernels

Tue, 30 Jul 2013 08:32:07 -0700 

Hello OpenVAS users and developers,

I am a quite new to Openvas and have the following problem.

I am scanning servers with local scans enabled. The servers I am scanning
have multiple kernel versions:

Kernels:
[me@srv ~]$ rpm -qa | grep kernel
kernel-devel-2.6.32-71.29.1.el6.x86_64
kernel-2.6.32-279.14.1.el6.x86_64
kernel-firmware-2.6.32-358.11.1.el6.noarch
kernel-2.6.32-71.29.1.el6.x86_64
dracut-kernel-004-303.el6.noarch
kernel-headers-2.6.32-358.11.1.el6.x86_64
kernel-2.6.32-358.11.1.el6.x86_64
kernel-devel-2.6.32-279.14.1.el6.x86_64
kernel-2.6.32-71.el6.x86_64
kernel-devel-2.6.32-358.11.1.el6.x86_64

The Kernel in use:
[me@srv ~]$ uname -r
2.6.32-358.11.1.el6.x86_64

The new kernel has the kernel fixes:
[me@srv ~]$ rpm -q --changelog kernel-2.6.32-358.11.1.el6.x86_64 | grep
CVE-2012-2745
- [kernel] Prevent keyctl new_session from causing a panic (David Howells)
[827424] {CVE-2012-2745}
[me@srv ~]$ rpm -q --changelog kernel-2.6.32-358.11.1.el6.x86_64 | grep
CVE-2012-2744
- [net] ipv6/netfilter: fix null pointer dereference in nf_ct_frag6_reasm()
(Petr Matousek) [833412] {CVE-2012-2744}

The Old kernel doesn't have these fixes:
[me@srv ~]$ rpm -q --changelog kernel-devel-2.6.32-71.29.1.el6 | grep
CVE-2012-2745
-- [NO OUTPUT]---
[me@srv ~]$ rpm -q --changelog kernel-devel-2.6.32-71.29.1.el6 | grep
CVE-2012-2744
-- [NO OUTPUT]---

After scanning the servers with openvas I get huge lists of critical
vulnerabilities basically complaining about the old kernels that are not
used anymore.

--------------- Example
High (CVSS: 7.8)
NVT: CentOS Update for kernel CESA-2012:1064 centos6 (OID:
1.3.6.1.4.1.25623.1.0.881073)

Package kernel-devel version kernel-devel-2.6.32-71.29.1.el6 is installed
which is known to be vulnerable.

  Vulnerability Insight:
  The kernel packages contain the Linux kernel, the core of any Linux
  operating system.

  This update fixes the following security issues:
--------------- Example

I don't want to go through all those lists. Deleting the old kernels does
not seem to be a solution for me..  I would like Openvas to check only the
Kernel that is in use. Is there a method to do that ?

thx,
kb

_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Reply via email to