Do not take the number of vulns reported as a true number. I won't name names, but some scanners will report each vuln fixed by a KB, as opposed to saying you are missing the patch KB-whatever.
What is more important is if the information given to you is accurate. If scanner X says that you are vuln to A, B, and C and these are fixed by KB-N, but another simply says you are missing KB-N, they are reporting the same info. One has just taken the tactic of reporting each vuln in a patch as opposed to saying you are missing patch N. On Fri, Mar 21, 2014 at 2:21 PM, Jagannath Naidu < [email protected]> wrote: > > > > On 3 February 2014 18:30, Jan-Oliver Wagner < > [email protected]> wrote: > >> On Mittwoch, 11. Dezember 2013, Jagannath Naidu wrote: >> > I was a QualysGuard user and decided to use the opensource. >> > I am new to openvas and have been checking the functionality of it. >> > I installed the openvas on a centos minimal, 64 bit. It works well and >> > results are good. >> > >> > The only problem where I am stuck is that it shows very less details >> when >> > scanning any MS Windows target. >> > >> > As compared to the QualysGuard scan it is negligible. >> > >> > Do I have to install any commercial feeds or am I missing any >> configuration. >> >> The latter. The question is: which one? > > > Sorry for the late reply, its an windows XP. version 2002, SP 2 > > >> >> > When I scan a RHEL target, it shows results about 160(96 high, 27 med, >> 45 >> > low, and remaining logs) >> > When I scan a Windows target, it shows 40 (1 high, 3 med, 4 low). >> >> It'll be more interesting to compare scans of Windows with two different >> products. >> >> The results are almost same, this time it was windows 7 pro. > > >> > I provided smb credentials for windows target and ssh credentials for >> linux >> > target. >> >> Have you checked the log output of NVT 1.3.6.1.4.1.25623.1.0.90023 >> (SMB Authorization) on whether a successful login happened? > > > NVT: Vulnerabilities in SMB Could Allow Remote Code Execution (958687) - > Remote<http://192.168.122.238:9392/omp?cmd=get_nvts&oid=1.3.6.1.4.1.25623.1.0.900233&token=0e2f2a1e-1bf3-4a9f-9901-a4bd17eb4901> > (OID: > 1.3.6.1.4.1.25623.1.0.900233<http://192.168.122.238:9392/omp?cmd=get_nvts&oid=1.3.6.1.4.1.25623.1.0.900233&token=0e2f2a1e-1bf3-4a9f-9901-a4bd17eb4901> > ) > (CVSS: 10.0 > > > > Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ >> Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, >> HR B 202460 >> Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner >> _______________________________________________ >> Openvas-discuss mailing list >> [email protected] >> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss >> > > > > -- > Thanks & Regards > > B Jagannath > +919871324006 > > _______________________________________________ > Openvas-discuss mailing list > [email protected] > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > -- http://volatile-minds.blogspot.com -- blog http://www.volatileminds.net -- website
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
