Hi Again ....
I have noticed that I posted a wrong example in a previous post. I
was comparing kernel and kernel-devel packages.
But this issue is REAL and, for example, present when scanning a server
with the following set of kernels:
On CentOS 6.4
[openvas@srv ~]$ rpm -q kernel
kernel-2.6.32-71.el6.x86_64
kernel-2.6.32-71.29.1.el6.x86_64
kernel-2.6.32-358.11.1.el6.x86_64
kernel-2.6.32-358.14.1.el6.x86_64
20+ critical vulnerabilities were reported for the
kernel-2.6.32-71.el6.x86_64 package.
Could anyone please comment on this? Because I am lost...
Does OpenVAS support kernel backporting on CentOS servers? I assume it
does... but it evaluates every installed package and is very happy to
report its findings, even for the kernels that are not used.
Could someone let me know how OpenVAS gathers package information on
CentOS? Maybe I will be able to trick it into evaluating only the latest
kernel package.
Thank You!!
Kastytis
On 07/30/2013 05:31 PM, Kastytis B wrote:
Hello OpenVAS users and developers,
I am quite new to OpenVAS and have the following problem.
I am scanning servers with local scans enabled. The servers I am
scanning have multiple kernel versions:
Kernels:
[me@srv ~]$ rpm -qa | grep kernel
kernel-devel-2.6.32-71.29.1.el6.x86_64
kernel-2.6.32-279.14.1.el6.x86_64
kernel-firmware-2.6.32-358.11.1.el6.noarch
kernel-2.6.32-71.29.1.el6.x86_64
dracut-kernel-004-303.el6.noarch
kernel-headers-2.6.32-358.11.1.el6.x86_64
kernel-2.6.32-358.11.1.el6.x86_64
kernel-devel-2.6.32-279.14.1.el6.x86_64
kernel-2.6.32-71.el6.x86_64
kernel-devel-2.6.32-358.11.1.el6.x86_64
The Kernel in use:
[me@srv ~]$ uname -r
2.6.32-358.11.1.el6.x86_64
The new kernel has the kernel fixes:
[me@srv ~]$ rpm -q --changelog kernel-2.6.32-358.11.1.el6.x86_64 | grep CVE-2012-2745
- [kernel] Prevent keyctl new_session from causing a panic (David Howells) [827424] {CVE-2012-2745}
[me@srv ~]$ rpm -q --changelog kernel-2.6.32-358.11.1.el6.x86_64 | grep CVE-2012-2744
- [net] ipv6/netfilter: fix null pointer dereference in nf_ct_frag6_reasm() (Petr Matousek) [833412] {CVE-2012-2744}
The Old kernel doesn't have these fixes:
[me@srv ~]$ rpm -q --changelog kernel-devel-2.6.32-71.29.1.el6 | grep CVE-2012-2745
-- [NO OUTPUT]---
[me@srv ~]$ rpm -q --changelog kernel-devel-2.6.32-71.29.1.el6 | grep CVE-2012-2744
-- [NO OUTPUT]---
After scanning the servers with openvas I get huge lists of critical
vulnerabilities basically complaining about the old kernels that are
not used anymore.
--------------- Example
High (CVSS: 7.8)
NVT: CentOS Update for kernel CESA-2012:1064 centos6 (OID:
1.3.6.1.4.1.25623.1.0.881073)
Package kernel-devel version kernel-devel-2.6.32-71.29.1.el6 is
installed which is known to be vulnerable.
Vulnerability Insight:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
This update fixes the following security issues:
--------------- Example
I don't want to go through all those lists. Deleting the old kernels
does not seem to be a solution for me... I would like OpenVAS to check
only the kernel that is in use. Is there a method to do that?
thx,
kb
_______________________________________________
Openvas-discuss mailing list
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
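As an added example (not from the thread, and not OpenVAS's own code), a small Python script that does the version comparison a local-scan check does: it parses the `rpm -q kernel` listing quoted above and marks each installed kernel package as older than, equal to, or newer than the booted `uname -r` kernel, so findings raised against old kernels that are installed but never booted can be triaged. The rpmvercmp logic is a simplified reimplementation (no tilde/caret handling), and the sample data is the thread's own listing embedded inline.

```python
import re

# Constructed sample input: the `rpm -q kernel` listing and `uname -r` value
# quoted in the thread (CentOS 6.4 host).
INSTALLED_KERNELS = """\
kernel-2.6.32-71.el6.x86_64
kernel-2.6.32-71.29.1.el6.x86_64
kernel-2.6.32-358.11.1.el6.x86_64
kernel-2.6.32-358.14.1.el6.x86_64
"""
RUNNING_KERNEL = "2.6.32-358.11.1.el6.x86_64"

def rpmvercmp(a, b):
    """Simplified rpmvercmp: split into digit/alpha runs, compare run by run.
    Returns -1, 0 or 1. Tilde/caret ordering is omitted (unused by these releases)."""
    sa, sb = re.findall(r"\d+|[A-Za-z]+", a), re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric runs compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric run sorts after an alpha run
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # more segments == newer

def split_vra(s):
    """'2.6.32-358.11.1.el6.x86_64' -> ('2.6.32', '358.11.1.el6', 'x86_64')."""
    m = re.fullmatch(r"(?:kernel-)?([^-]+)-(.+)\.([^.]+)", s)
    if not m:
        raise ValueError("not a kernel version-release.arch string: %r" % s)
    return m.groups()

def compare_vr(a, b):
    """Compare (version, release) tuples the way rpm orders packages."""
    c = rpmvercmp(a[0], b[0])
    return c if c else rpmvercmp(a[1], b[1])

def classify_kernels(rpm_output, running):
    """Map each installed kernel package to 'older', 'running' or 'newer'
    relative to the booted kernel; 'older' ones are never used but still scanned."""
    run_vr = split_vra(running)[:2]
    result = {}
    for pkg in rpm_output.split():
        c = compare_vr(split_vra(pkg)[:2], run_vr)
        result[pkg] = "running" if c == 0 else ("older" if c < 0 else "newer")
    return result

if __name__ == "__main__":
    for pkg, state in classify_kernels(INSTALLED_KERNELS, RUNNING_KERNEL).items():
        print("%-8s %s" % (state, pkg))
```

Run on a real host with `rpm -q kernel` and `uname -r` fed in; packages reported as "older" are the ones whose changelogs lack the backported fixes yet still appear in the local-scan findings.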