Hello,
we discovered that in version_func.inc the use of islocalhost() should
be eliminated for the following reasons:
1. System commands are executed on the scanner host although no
   credentials are provided.
2. System commands are executed with the same privileges
   as the scanner (typically root).
I've grepped for islocalhost and found 50 occurrences.
I did not look into them any deeper but I could imagine that
there are some misuses as well.
Does anyone know a reason not to remove the islocalhost
sections from version_func.inc? (It has been there for a long time.)
What are the reasons we need special handling for localhost
at all?
Best
Jan
--
Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner