Are these authenticated or unauthenticated scans? On Thu, Feb 5, 2015 at 12:22 PM, Kevin T. Neely <ktne...@astroturfgarden.com > wrote:
> Michael, > > Pretty much any check that uses presented banner information on RedHat or > CentOS will trigger this. The one I was specifically looking at yesterday > is PHP version 5.3< 5.3.6 (OID: 1.3.6.1.4.1.25623.1.0.110013) which lists > a large number of CVEs from 2011, but we have applied the latest 5.3.3 on > CentOS 5.11, which has those fixes backported. > > Another repeat offender is the "OpenSSH installed on the remote host is > older than 5.7" check. While it is true that CentOS presents a version > older than 5.7, the vulnerabilities listed in the OpenVAS check are no > longer present because the security fixes have been backported. Sorry, I > don't have the OID handy for that one. > > thank you! > K > > > > On Thu, Feb 5, 2015 at 2:01 AM, Michael Meyer <michael.me...@greenbone.net > > wrote: > >> *** Kevin T. Neely wrote: >> >> > As a result, I am running into an increasing number of false positives >> when >> > scanning CentOS systems >> >> What kind of false positives? Please give some examples... >> >> Micha >> >> -- >> Michael Meyer OpenPGP Key: 0xAF069E9152A6EFA6 >> http://www.greenbone.net/ >> Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG >> Osnabrück, HR B 202460 >> Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner >> _______________________________________________ >> Openvas-discuss mailing list >> Openvas-discuss@wald.intevation.org >> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss >> > > > _______________________________________________ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > -- http://volatile-minds.blogspot.com -- blog http://www.volatileminds.net -- website
_______________________________________________ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
