Hello,
today after a 'openvas-nvt-sync' i got the
'secpod_proftpd_cmd_handling_sec_vuln_900133.nasl'.
I installed 'Proftp 1.3.0' on my localhost and start a scan.
'FTP Server type and version" (1.3.6.1.4.1.25623.1.0.10092)' found the
running Proftp but there is no result from the
'secpod_proftpd_cmd_handling_sec_vuln_900133.nasl'
I look into the 'secpod_proftpd_cmd_handling_sec_vuln_900133.nasl' and
found this:
,---[ secpod_proftpd_cmd_handling_sec_vuln_900133.nasl
| 86 if("Linux" >!< get_kb_item("ssh/login/uname")){
| 87 exit(0);
| 88 }
`---|
So, if i understand it right, a vulnerable Proftpd will only found if i
configure a ssh-login for the OpenVAS-Scan so OpenVAs can execute
'uname'.
But i will not and can not configure a ssh-login for
every host i want to scan. So i think the code above makes no sense.
Without this code snippets there is a result from the
'secpod_proftpd_cmd_handling_sec_vuln_900133.nasl'
If i remove the three lines, the next 'openvas-nvt-sync' will overide
the Plugin.
Is there any reason for the 'if("Linux" >!<get_kb_item("ssh/login/uname"))' or
is this a bug?
Many Greetings
Michael
_______________________________________________
Openvas-plugins mailing list
[email protected]
http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins
