Hi,
I recently performed a scan with OpenVAS (policy "Full and fast") on a
webserver host (for test/awareness purposes) having an SSL enabled port
443 using a weak key generated on a system unpatched against CVE-2008-0166.
OpenVAS did not find this insecure key on the SSL port and as far as I
can guess from a recursive search on the plugin directory there is no
remote check for this vulnerability:
root@kali:/var/lib/openvas/plugins# grep -r CVE-2008-0166 .
./2008/deb_1576_1.nasl:(DSA-1571-1, CVE-2008-0166) indirectly affects OpenSSH. As a result,
./2008/deb_1576_1.nasl: script_cve_id("CVE-2008-0166", "CVE-2008-1483", "CVE-2007-4752");
./2008/deb_1571_1.nasl:Debian-specific change to the openssl package (CVE-2008-0166). As a
./2008/deb_1571_1.nasl: script_cve_id("CVE-2008-0166", "CVE-2007-4995", "CVE-2007-3108");
./2008/deb_1576_2.nasl: script_cve_id("CVE-2008-0166");
./2008/ubuntu_usn-612.nasl:Debian-specific change to the openssl package (CVE-2008-0166). As a
./2008/ubuntu_usn-612.nasl: script_cve_id("CVE-2008-0166");
./2009/gb_ubuntu_USN_612_2.nasl: script_cve_id("CVE-2008-0166");
./2009/gb_ubuntu_USN_612_3.nasl: script_cve_id("CVE-2008-0166");
./2009/gb_ubuntu_USN_612_4.nasl: users to act immediately to secure their systems. (CVE-2008-0166)
./2009/gb_ubuntu_USN_612_4.nasl: script_cve_id("CVE-2008-0166");
./2009/gb_ubuntu_USN_612_7.nasl: script_cve_id("CVE-2008-0166");
Even if it is an old vulnerability, I think it should pop up in a
network-side vulnerability scan.
* Am I missing something / doing something wrong here?
* Can somebody give me pointers on how to start to write a plugin for
this (e.g. a similar plugin doing checks on SSH/SSL key fingerprints as
an example)?
Regards,
Bernhard
_______________________________________________
Openvas-plugins mailing list
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins