[Openvas-discuss] Duplicate vulnerability reported

2017-02-19 Thread Helmut Koers 
Hi all,
I have one vulnerability identified twice on a single 
system/protocol/port.

Citrix NetScaler Application Delivery Controller and NetScaler Gateway 
Multiple Security Updates (CTX206001)
OID:1.3.6.1.4.1.25623.1.0.105538

The only difference I notified is the identified versions:

Installed version: 10.1 build 129.22
Installed version: 10.1.129.22 build 129.22

Shouldn't one exclude the other so that it is reported once only?

Thanks,
Helmut___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Scanning Windows devices for vulns and/or missing patches

2017-02-19 Thread Christian Fischer 
Hi,

On 19.02.2017 10:31, Oliver Marshall wrote:
> Currently, despite having SMB credentials set up in OV, we seem
> to get very little information about the Windows patching aspect.

most likely that the SMB login didn't worked at all or wasn't able to
access the registry of the windows machine. A quite good starting point
is the documentation available here which shows you how to setup the
target machine for credentialed scans:

http://docs.greenbone.net/GSM-Manual/gos-3.1/en/scanning.html#authenticated-scan

Regards,

--

Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
Greenbone Networks GmbH | http://greenbone.net
Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner



___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Scanning Windows devices for vulns and/or missing patches

2017-02-19 Thread Eero Volotinen 
Is the SMB login really working. check from report?

Eero

2017-02-19 11:31 GMT+02:00 Oliver Marshall :

> Hi
>
>
> Is there a plugin or feed we can use to help identify vulns in Windows
> devices? Currently, despite having SMB credentials set up in OV, we seem to
> get very little information about the Windows patching aspect.
>
>
> I've used the demo virtual appliance (v8) against a newly installed Win7
> VM without any patches installed, and I was expecting a lot more
> information about missing patches, or vulns that can be fixed with XYZ
> KB/Patch, but really didn't see much.
>
>
> I found another post in the archive from some years back saying the same,
> and suggesting that WMI functionality needs to be added to OV. Is this
> still the case?
>
>
> Olly
>
>
>
>
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
>
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

[Openvas-discuss] Scanning Windows devices for vulns and/or missing patches

2017-02-19 Thread Oliver Marshall 
Hi


Is there a plugin or feed we can use to help identify vulns in Windows devices? 
Currently, despite having SMB credentials set up in OV, we seem to get very 
little information about the Windows patching aspect.


I've used the demo virtual appliance (v8) against a newly installed Win7 VM 
without any patches installed, and I was expecting a lot more information about 
missing patches, or vulns that can be fixed with XYZ KB/Patch, but really 
didn't see much.


I found another post in the archive from some years back saying the same, and 
suggesting that WMI functionality needs to be added to OV. Is this still the 
case?


Olly


___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

[Openvas-discuss] CVSS scanning and reporting in OpenVAS

2017-02-19 Thread Oliver Marshall 
Hi


I have a dozen Windows servers that I need to produce CVSS scoring for.


Can this be done with OpenVAS? We already run a monthly Full report in OpenVAS 
to help find any key issues that need to be dealt with but I can't see an 
obvious mention of CVSS scores in the reports.


Any advice welcome.


Olly


--


[1465904452611_logo_charcoal2_200.png]


Phone: 0333 344 2180

Email: oliver.marsh...@oakson.co.uk


Web: http://oakson.co.uk

Twitter: @oaksonltd

Facebook: /oaksonltd
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss