Hi,
reviewing this discussion I see a general agreement to downgrade
traceroute to log. At least no reason why not.
Best
Jan
On Montag, 2. Januar 2012, Jan-Oliver Wagner wrote:
> I've patched secspace_traceroute.nasl to report only log (see attached
> patch).
>
> However, in some cases it might be a information leak problem.
>
> So, I wonder whether we should split this functionality into two NVTs:
> - one that simply retrieves the traceroute information and stores it
> in the host details.
> - one that reads the host details and sends a security note if it looks
> reasonable to do so (what are the hints for information leaks?)
> Ideally this NVT should already define a CVSS which explains the
> the severity with its base vector.
>
> What do you think?
--
Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B
202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Openvas-plugins mailing list
[email protected]
http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
