Hi,
We have tested this NVT on few of the vulnerable setups. Did not notice
any crash, that is the reason NVT got the script_category as ACT_ATTACK
instead of ACT_DENIAL.
However thanks for your observation and bringing it to our notice. Will
have another look.
Regards,
Antu Sanadi
On Thursday 06 July 2017 10:29 PM, Dan ½ wrote:
This NVT is run as part of the "Full and fast" suite, which, as per my
understanding, should not include any destructive tests (e.g. ones
that cause crashes on the target server).
However, I am observing 100% reproducibility when running this NVT
against my mysql instance, version 5.6.32. Additionally, it appears
that the NVT is not expecting the endpoint to crash. As a result, even
though the target service crashes, OpenVas does NOT report any
vulnerability!
I just wanted to see if anyone else observed the same behavior, and if
we can update the category on this NVT to prevent unexpected crashes
on critical services.
Thanks!
Dan ½
PGP Key: 0x1EF05BE04E5674F9
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
