Chandrashekhar B wrote: >> http://www.microsoft.com/technet/security/Bulletin/MS03-026.mspx > This is a very old issue as you see, might have been lost from the set we > inherited from Nessus for license reason. The focus now is on developing > checks for the latest vulnerabilities. Probably, we should find time to get > back and develop NASL's for some of the very old and important > vulnerabilities.
Even if it's old - it's still vulnerability that you can find on systems. I see that there are some local checks for that year (03). Imagine user which have lying forgotten and unpatched win2003 somewhere on large infrastructure and runs scan and gets almost nothing. From user's perspective, user expects from vulnerability scanner to find all vulnerabilities, not just old or new ones. It's not that OpenVAS web page states something like this: "Note: we would just detect vulnerabilities newer than 2008" >> http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx > We already have remote check for this, for both MS08-067 and conficker. If > you think there's a better different technique for doing this, please > provide us more details. Openvas-plugins is the place for such comments. I think we discussed this specific vuln while ago on IRC. Nmap has better remote and anonymous detection for this vuln. It's worth looking at... >> I think paper at: >> http://www.openvas.org/articles-studies.html >> goes much more deeper and also proves my point and I guess >> you read it already. > The paper I think mostly pointed out the old remote checks that are missing. > Because of the license concerns, number of those checks were probably > removed. As it was important to rewrite missing .inc libraries, I think it is important to rewrite those checks as well. > I think OpenVAS has come a long way in terms of vulnerability detection too, > in recent times. Of course improvement is always needed. It is a community > effort after all, if there are missing checks, please post them to > openvas-plugins, including any research findings if some effort has already Yes, I agree - it come a long way. Don't take me wrong. My e-mails on this thread are not sent to bash work done, but to identify problems/challenges, identify work needed to be done and to motivate all of us that we do it. I see that we agree that OpenVAS has much to do in order to be reliable *remote* vulnerability scanner (in terms of reporting vulnerabilities present). Some of this work can be done thrugh GSoC and this was my primary reason to start this discussion. Of course, I'll help as well. > gone in that direction. We can have a kind of track sheet where all these > requests are logged and tracked. We'll put in our best efforts to take them > for implementation. I think that wiki would be perfect for this and I guess we need wiki badly (not just for this, but for lot of other stuff...) Is there any chance we can set it up on openvas page? Kost _______________________________________________ Openvas-plugins mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins
