Tim, I had actually asked your help for the remote POC, we went ahead with the local check meanwhile.
About the family, missed that! Will move to appropriate family. Thanks for noticing. Thanks, Chandra. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Tim Brown Sent: Saturday, July 18, 2009 3:28 PM To: [email protected]; [email protected] Subject: Re: [Openvas-plugins] [Openvas-commits] r4091 - intrunk/openvas-plugins: . scripts Regarding: + script_id(800907); + script_version("$Revision: 1.0 "); + script_cve_id("CVE-2009-2354", "CVE-2009-2355", "CVE-2009-2356"); + script_bugtraq_id(35606); + script_name("NullLogic Groupware Multiple Vulnerabilities (Linux)"); <snip> + script_description(desc); + script_summary("Check for the Version of NullLogic Groupware"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Intevation GmbH"); + script_family("Denial of Service"); + script_dependencies("gb_nulllogic_groupware_detect_lin.nasl"); + script_require_keys("NullLogic-Groupware/Linux/Ver"); + script_require_ports("Services/www", 4110); and the equivalent NVT for Windows. Is Denial of Service really the right family for the checks? The checks can be performed safely, and two of the three outcomes are not DoS related. Also, why does it depend on local checks and keys that this sets? It's possible to test for this issue purely using remote means. No criticism intended it's just that as the author of the original advisory I know these bugs quite well :). Tim -- Tim Brown <mailto:[email protected]> <http://www.nth-dimension.org.uk/> _______________________________________________ Openvas-plugins mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins _______________________________________________ Openvas-plugins mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins
