Hi, On 02.11.2016 10:00, Tomasz Jadowski wrote: > On Wed, Oct 26, 2016 at 03:30:49PM +0200, Christian Fischer wrote: >> the debugging of this detection depends if you're getting the above log >> entry or not. Also make sure that your Authenticated Scans are actually >> working correctly. >> > > Right, I had some minor problems with correct scan. Now, I have a > some result in scan report: > > Summary > > This script finds the installed PHP version on Linux and saves the version in > KB. > Vulnerability Detection Result > > Detected PHP > Version: 5.x.xx > Location: /usr/bin/php > CPE: cpe:/a:php:php:5.x.xx > > Concluded from version identification result: > PHP 5.x.xx > > Vulnerability Detection Method > > Details: Linux PHP Detection (OID: 1.3.6.1.4.1.25623.1.0.103592) > > Version used: $Revision: 3592 $
ok that looks good now. > but I suppose that OpenVAS rely on official Red Hat Security Advisory. Am I > right? Not exactly in this case. As explained previously there are two types of vulnerability checks OpenVAS is relying on: 1. Local Security Checks (LSC) These are auto generated based on Distro Advisories (Like Red Hat RHSA or Debian DSA) and are checking for vulnerabilities based on the installed Distro package names like 5.6.27+dfsg-0+deb8u1. These checks mostly won't catch your custom build PHP as long as it is not installed via your package manager. 2. Network Vulnerability Tests (NVT) These are manually created tests which are e.g. checking actively and/or version/CPE based (e.g. cpe:/a:php:php:5.6.26) for a vulnerability. For these it doesn't matter if you have a custom build PHP or not, as long as PHP is correctly detected. As most of the PHP based vulnerabilities are version/banner based they are prone to false positives on linux-like systems due to backports. These are getting a Quality of Detection (QoD) value of 30% and won't show up in a default report (QoD of 70%+ is needed here). Because of this you might need to update your filter to show also vulnerabilities with lower QoD values. Regards, -- Christian Fischer | PGP Key: 0x54F3CE5B76C597AD Greenbone Networks GmbH | http://greenbone.net Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner _______________________________________________ Openvas-plugins mailing list Openvas-plugins@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
