Hi,

We have applied the CVSS changes to the tcp_timestamps.nasl and
resultant CVSS is 5.0. According to this the NVT is updated and
committed.

Thank you!

Regards,
AnTu

On Monday 01 April 2013 01:58 AM, Thomas Reinke wrote:
+1 on Confidentiality is Partial.

The whole point is an extremely low likelihood of providing information
that someone could use to exploit.  But THAT is a judgement call we
shouldn't be making (it is dependent on the type and quality of s/w
running on the remote system).

As such, it is information disclosure that most admins can safely
ignore, but it is nevertheless information disclosure, and should
be flagged as such.

Think using timestamps to differentiate between multiple
systems served by load balancing hardware and being able to use
the clock error from an accurate clock to make a determination
of the size of the load balanced network, without ever seeing the
hardware in question.  This applies to any protocol that provides
clock values (same of HTTP server protocol), and has been shown
to be of practical value in identifying customers running said
load balanced networks that are otherwise remotely not detectable.

Thomas


On 30/03/13 09:06 AM, Jan-Oliver Wagner wrote:
Hi,

I wonder about tcp_timestamps.nasl (1.3.6.1.4.1.25623.1.0.80091):

It has CVSS=0, but reports security_note.
So, one is wrong.

According to http://www.openvas.org/nvt-dev.html#scoring_guidelines
does it make sense to apply the rule for Information disclosure vulnerability:

    1. Confidentiality is Partial(P) or Complete(C)
    2. Integrity is None(N)
    3. Availability is None(N)

?

Or is it more sensible to send a log_message as there is only
a very vague vulnerability?

There are probably other similar NVTs, so any insights and thoughts are
welcome.

Best

Jan

_______________________________________________
Openvas-plugins mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins


--
Antu Sanadi | Security Research Analyst
SecPod Technologies Pvt. Ltd | http://www.secpod.com/
1354, 3rd Floor|9th Cross, 80ft Road, 33rd Main,
1st Phase, JP Nagar| Bangalore - 560078 |India


