Hi members,
in this mail, i put a patch for cpe.inc :
to correctly match openssh version and translate in cpe format.
SSH/banner/22=SSH-1.99-OpenSSH_5.8p1-hpn13v10 ==>
cpe:/a:openssh:openssh:5.8p1
--- cpe.inc 2011-06-07 15:43:29.000000000 +0200
+++ cpe.inc.seb 2011-06-17 09:00:29.000000000 +0200
@@ -783,7 +783,7 @@
"www/*/PowerPhlogger", "^([0-9.]+)", "cpe:/a:powerphlogger:powerphlogger:",
"www/*/phpshop", "^([0-9.]+)", "cpe:/a:edikon:phpshop:",
"www/*/rt_tracker", "^([0-9.]+)",
"cpe:/a:best_practical_solutions:request_tracker:",
-"SSH/banner/", "^([0-9.]+)", "cpe:/a:openssh:openssh:",
+"SSH/banner/*","SSH-[0-9].[0-9]{1,2}-OpenSSH_([.a-zA-Z0-9]*)[- ]?.*",
"cpe:/a:openssh:openssh:",
"www/*/phpldapadmin", "^([0-9.]+)", "cpe:/a:phpldapadmin:phpldapadmin:",
"www/*/AlefMentor", "^([0-9.]+)", "cpe:/a:findmysoft:alefmentor:",
"www/*/FamilyConnections", "^([0-9.]+)",
"cpe:/a:haudenschilt:family_connections_cms:",
I also notice a bug with NTP matching :
the plugin match :
*/NTP/Linux/Ver=4.2.4p7/* as /cpe:/a:ntp:ntp:4.2.4p7:p7/
this is not cpe mitre compliant it should be : */cpe:/a:ntp:ntp:4.2.4p7 /*
and
*/NTP/Linux/Ver=4.2.4p7-rc1/* should be
*/cpe/:/a:ntp:ntp:/4.2/./4p7/:*/*rc1*
/
What about using Nmap/tcp/*/version kb entry (if present) to match cpe
too ?
--
| Sébastien AUCOUTURIER | Software Design Engineer Lead |
| ITrust | 55 rue l'Occitane BP 67303 31673 LABEGE CEDEX
| Email: [email protected] | Fixe Sdt. 05.67.34.67.80 | Fax.
09.80.08.37.23
| IT Security Services & SaaS Editor |
_______________________________________________
Openvas-plugins mailing list
[email protected]
http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins
