Hello Tom,
The issue in secpod_ms10-060.nasl is fixed.
Thanks for informing.
Please let us know if you find any other issues.
Thank you,
Antu Sanadi
Sound Solutions, Inc.
8400 Highland Dr.
Wausau, WI 54401
Tel: 715-842-7665
Fax: 715-842-7620
Hellowe ran the NVT
sync and some of the problems ahs
disappeared...many thanks!! We are looking into
the other ones to make sure...and we'll repost to
the forum if we found anything else out.
This is the very first
NASL issue we had a week agoand it still shows
upthis was not in the group I sent last
night...but from one about a week ago.
Ideas?
Thanks
TP
From:
openvas-discuss-boun...@wald.intevation.org
[mailto:openvas-discuss-boun...@wald.intevation.org]
On Behalf Of Tom Powers
Sent: Thursday, May 12, 2011 2:09 PM
To: openvas-discuss@wald.intevation.org
Subject: {Spam?} {Disarmed} [Openvas-discuss]
NASL issue
Sound Solutions, Inc.
8400 Highland Dr.
Wausau, WI 54401
Tel: 715-842-7665
Fax: 715-842-7620
Hello OpenVas
crew...
We have been
running OV against windows XP machines
and have found something
interesting...and I was curious on
how to best approach the issue.
If we scan an
XP machine we are seeing that it has
this vulnerability:
Microsoft
.NET Common Language Runtime Remote Code
Execution Vulnerability (2265906)
This would be
fixed by MS10-060
The code is
looking for a specific version of
mscorlib.dll seen here:
## win xp, 2K3
if(hotfix_check_sp(xp:4, win2k:5, win2003:3) 0)
{
## Check for the version mscorlib.dll
if(version_in_range(version:Ver, test_version:"2.0.50727.3", test_version2:"2.0.50727.3614") ||
version_in_range(version:Ver, test_version:"2.0.50727.4", test_version2:"2.0.50727.4454"))
{
security_hole(0);
exit(0);
}
}
Now the issue is that this machine has the superceding patch of MS11-028 and shows the version of MSCorlib.dll to be 2.0.50727.3620
If I read the NASL code correctly, it is scanning for a version between .3 and .3614 and since ours is above that range, the OV box shows this as a vulnerability.
My question then is...
Can I just alter the NASL from .3614 to .3620?
Will an openvas-nvt-sync mess that up in the future?
Or am I reading this all wrong?
Effectively...we are getting a false positive on this. We have a few others...but the answer to this question would be the same for the other ones we are finding.
Thanks...all help is