Hi Team,

I got a FP with cacti_detect.nasl.

On my system, the file docs/CHANGELOG is not available.

The plugin does:
       url = string(dir, "/docs/CHANGELOG");
       req = http_get(item:url, port:port);
       buf = http_keepalive_send_recv(port:port, data:req, bodyonly:TRUE);

At this step I got in buf:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /cacti/docs/CHANGELOG was not found on this server.</p>\n<hr>\n<address>Apache/2.2.16 (Debian) Server at example.com Port 80</address>\n</body></html>\n

version = eregmatch(string: buf, pattern: "^([0-9.]+[a-z]{0,1})",icase:TRUE);

will match 2.0 in the buf, and of course this is not the version of Cacti, which should be 'unknown' in this case.
I attach a diff with my suggested modification: cacti_detect.diff1

BR

--
"Did you know? ITrust's technology is going to secure the French cloud"

    | Sébastien AUCOUTURIER | R&D Manager
    | ITrust | 55 L'Occitane 31670 LABEGE
    | Email: [email protected]
    | Landline (switchboard): 05.67.34.67.80
    | IT Security Services & SaaS Editor
--- cacti_detect.nasl   2013-07-31 14:49:44.086361072 +0200
+++ cacti_detect.nasl.new       2013-07-31 14:54:29.823474048 +0200
@@ -109,14 +109,15 @@

       url = string(dir, "/docs/CHANGELOG");
       req = http_get(item:url, port:port);
-      buf = http_keepalive_send_recv(port:port, data:req, bodyonly:TRUE);
+      buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE);
+      if(ereg(pattern:"^HTTP/[0-9]\.[0-9] 200 ", string:buf)) {

-      version = eregmatch(string: buf, pattern: 
"([0-9.]+[a-z]{0,1})",icase:TRUE);
-
-      if ( !isnull(version[1]) ) {
-         vers=version[1];
-      }
+          version = eregmatch(string: buf, pattern: 
"^([0-9.]+[a-z]{0,1})",icase:TRUE);

+         if ( !isnull(version[1]) ) {
+            vers=version[1];
+         }
+      }
       tmp_version = string(vers, " under ", install);
       set_kb_item(name: string("www/", port, "/cacti"), value: tmp_version);

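Review bot: with bodyonly:FALSE, buf now starts with the status line, so the newly anchored pattern "^([0-9.]+[a-z]{0,1})" in the added eregmatch call runs against a buffer whose first characters are "HTTP/", and it can only find the version if eregmatch treats ^ as matching at every line start. Please confirm that behaviour, or keep the status check on the full response and run the version match against the body alone. Also, when the status is not 200 the block is skipped and vers goes unchanged into tmp_version, so check that vers is initialised to 'unknown' before this point.
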
@@ -129,10 +130,8 @@
       info += string(vers);
       info += string("' was detected on the remote host\n");

-      desc = desc + info;
-
          if(report_verbosity > 0) {
-           security_note(port:port,data:string(desc));
+           security_note(port:port,data:string(info));
            exit(0);
          }
    }
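Review bot: the removal of "desc = desc + info;" and the switch to security_note(port:port,data:string(info)) are not mentioned in the report and are unrelated to the CHANGELOG false positive; please split them into a separate patch or say why the description text is dropped from the note. If the change stays, string(info) is redundant because info is already assembled with string() in the lines above, so data:info would do.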
_______________________________________________
Openvas-plugins mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
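
The false positive and the status check described in the message above, as an added Python example (not part of the original post and not the OpenVAS plugin's code). The function names, the status lines, the headers and the CHANGELOG text are constructed, and matching the version at a line start of the body is an assumption about how the file is laid out.

```python
import re

# Pattern the plugin used before the patch (unanchored) and the anchored form.
UNANCHORED = re.compile(r"([0-9.]+[a-z]{0,1})", re.IGNORECASE)
ANCHORED = re.compile(r"^([0-9.]+[a-z]{0,1})", re.IGNORECASE | re.MULTILINE)
STATUS_200 = re.compile(r"^HTTP/[0-9]\.[0-9] 200 ")

# Error page body as quoted in the message above.
NOT_FOUND_BODY = (
    '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n'
    "<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n"
    "<p>The requested URL /cacti/docs/CHANGELOG was not found on this server.</p>\n"
    "<hr>\n<address>Apache/2.2.16 (Debian) Server at example.com Port 80</address>\n"
    "</body></html>\n"
)
# Constructed responses: status lines, headers and CHANGELOG text are sample data.
NOT_FOUND = "HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n\r\n" + NOT_FOUND_BODY
SOFT_404 = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n" + NOT_FOUND_BODY
CHANGELOG = ("HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n"
             "Cacti CHANGELOG\n\n0.8.8a\n-bug: constructed sample entry\n")


def detect_unguarded(body):
    """Search the body for a version without checking the HTTP status."""
    m = UNANCHORED.search(body)
    return m.group(1) if m else "unknown"


def detect_guarded(response):
    """Accept a version only from the body of a 200 response, at a line start."""
    head, _, body = response.partition("\r\n\r\n")
    if not STATUS_200.match(head):
        return "unknown"
    m = ANCHORED.search(body)
    return m.group(1) if m else "unknown"


if __name__ == "__main__":
    print(detect_unguarded(NOT_FOUND_BODY))  # false positive from the DOCTYPE
    print(detect_guarded(NOT_FOUND))
    print(detect_guarded(SOFT_404))
    print(detect_guarded(CHANGELOG))
```

The SOFT_404 case covers a server that returns its error page with a 200 status, where the status check alone does not help and the line-start anchor is what keeps the result at 'unknown'.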
