Hi! When running scans I see that all hosts show several issues for libpng and mozilla applications. However, reports show that something is wrong, e.g.:
High (CVSS: 7.5) NVT: libpng vulnerability (OID: 1.3.6.1.4.1.25623.1.0.90021) Details Add Note Add Override Found : -a: Command not found. Version : LANG=C: Command not found. LC_ALL=C: Command not found. -a:: Too many arguments. This is because it runs "which -a libpng_config" to find the libpng_config executable in the path. However, "which -a" won't work in tcsh and the SSH account I can use to run local checks on the hosts has tcsh has default shell. So basically, these checks depend on "bash" or "sh" to be the login shell of the account used. I think, instead the check should specifically use /bin/sh to make the test and not rely on the login shell set on the remote machine. Can this be changed easily? We have this account on all hosts and it's the easiest way to get ssh access... Thanks, Gerald _______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
