[Openvas-discuss] Openvas 6 Scan dies with : SIGSEGV occured !
Hi List My scans seem to begin then fail with internal error, using the Greenbone gsa. Scanning via a slave, the scan seems to begin fine, however shortly after running it dies with the following messages: -- [Mon Dec 22 13:26:32 2014][14626] SIGSEGV occured ! [Mon Dec 22 13:26:32 2014][14626] closing logfile [Mon Dec 22 13:26:32 2014][13469] Process 14626 seems to have died too early -- I have openvas installed via yum on CentOS 6.5: -- openvas-libraries-7.0.6-15.el6.art.x86_64 openvas-cli-1.3.1-6.el6.art.x86_64 openvas-manager-5.0.7-25.el6.art.x86_64 openvas-scanner-4.0.5-17.el6.art.x86_64 openvas-1.0-13.el6.art.noarch --- I'd appreciate it if someone could shed some light on this issue! Some log context from the slave: --- [Mon Dec 22 13:25:56 2014][13446] openvassd 4.0.3 started == openvasmd.log == lib serv: DEBUG:2014-12-22 13h26.10 utc:13452:Shook hands with peer. lib serv: DEBUG:2014-12-22 13h26.10 utc:13452:Connected to server on socket 10. lib serv: DEBUG:2014-12-22 13h26.10 utc:13452:Shook hands with peer. base gpgme:MESSAGE:2014-12-22 13h26.10 UTC:13452: Setting GnuPG homedir to '/var/lib/openvas/gnupg' base gpgme:MESSAGE:2014-12-22 13h26.10 UTC:13452: Using OpenPGP engine version '2.0.14' event lsc_credential:MESSAGE:2014-12-22 13h26.10 UTC:13452: LSC Credential bf651651-d974-4bb7-855a-a695ae72d71f has been created by admin event target:MESSAGE:2014-12-22 13h26.10 UTC:13452: Target 881fbfbc-3e83-4a59-b114-27e214353fe9 has been created by admin event config:MESSAGE:2014-12-22 13h26.11 UTC:13452: Scan config 8056a4f1-e95e-410a-9998-4bf62215bd9f has been created by admin event task:MESSAGE:2014-12-22 13h26.11 UTC:13452: Status of task (6d895a7f-ace7-4f39-a53e-098956dcca59) has changed to New event task:MESSAGE:2014-12-22 13h26.11 UTC:13452: Task 6d895a7f-ace7-4f39-a53e-098956dcca59 has been created by admin event task:MESSAGE:2014-12-22 13h26.11 UTC:13452: Status of task 50172e6b-ba89-4362-a222-3a10fa526cc9 (6d895a7f-ace7-4f39-a53e-098956dcca59) has changed to Requested event task:MESSAGE:2014-12-22 13h26.12 UTC:13452: Task 6d895a7f-ace7-4f39-a53e-098956dcca59 has been requested to start by admin event task:MESSAGE:2014-12-22 13h26.14 UTC:13466: Status of task 50172e6b-ba89-4362-a222-3a10fa526cc9 (6d895a7f-ace7-4f39-a53e-098956dcca59) has changed to Running == openvassd.log == [Mon Dec 22 13:26:19 2014][13453] Starts a new scan. Target(s) : 172.16.104.145, with max_hosts = 20 and max_checks = 4 [Mon Dec 22 13:26:19 2014][13453] Testing 172.16.104.145 (:::172.16.104.145) [13469] [Mon Dec 22 13:26:32 2014][14626] SIGSEGV occured ! [Mon Dec 22 13:26:32 2014][14626] closing logfile [Mon Dec 22 13:26:32 2014][13469] Process 14626 seems to have died too early == openvasmd.log == md main: DEBUG:2014-12-22 13h26.37 UTC:13452: report_severity: max(severity)=0.0 md main: DEBUG:2014-12-22 13h26.37 UTC:13452:command: /bin/sh /usr/share/openvas/openvasmd/global_report_formats/a994b278-1f62-11e1-96ac-406186ea4fc5/generate /tmp/openvasmd_HwR1GE/report.xml /tmp/openvasmd_HwR1GE/report.out 2 /dev/null md main: DEBUG:2014-12-22 13h27.03 UTC:13452: report_severity: max(severity)=0.0 md main: DEBUG:2014-12-22 13h27.03 UTC:13452:command: /bin/sh /usr/share/openvas/openvasmd/global_report_formats/a994b278-1f62-11e1-96ac-406186ea4fc5/generate /tmp/openvasmd_3scjKd/report.xml /tmp/openvasmd_3scjKd/report.out 2 /dev/null md main: DEBUG:2014-12-22 13h27.28 UTC:13452: report_severity: max(severity)=9.3 md main: DEBUG:2014-12-22 13h27.29 UTC:13452:command: /bin/sh /usr/share/openvas/openvasmd/global_report_formats/a994b278-1f62-11e1-96ac-406186ea4fc5/generate /tmp/openvasmd_LiNI0X/report.xml /tmp/openvasmd_LiNI0X/report.out 2 /dev/null md main:WARNING:2014-12-22 13h27.29 UTC:13452: read_from_client: failed to read from client: The TLS connection was non-properly terminated. lib serv:WARNING:2014-12-22 13h27.29 UTC:13452:Failed to gnutls_bye: Error in the push function. --- Below is the output from running the script: openvas-check-setup 2.2.6 Test completeness and readiness of OpenVAS-7 (add '--v4', '--v5', '--v6' or '--v8' if you want to check for another OpenVAS version) Please report us any non-detected problems and help us to improve this check routine: http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem. Use the parameter --server to skip checks for client tools like GSD and OpenVAS-CLI. Step 1: Checking OpenVAS Scanner ... OK: OpenVAS Scanner is present in version 4.0.5. OK: OpenVAS Scanner CA Certificate is present as /var/lib/openvas/CA/cacert.pem. OK: NVT collection in /var/lib/openvas/plugins contains 37302 NVTs. WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner. SUGGEST: Enable signature checking (see
Re: [Openvas-discuss] Openvas 6 Scan dies with : SIGSEGV occured !
Some additional information: The scan seems to continue successfully on the slave, however the master openvas server shows the scan as failed with internal error. -- Traiano -Original Message- From: Traiano Welcome Sent: Monday, December 22, 2014 8:16 PM To: 'openvas-discuss@wald.intevation.org' Subject: Openvas 6 Scan dies with : SIGSEGV occured ! Hi List My scans seem to begin then fail with internal error, using the Greenbone gsa. Scanning via a slave, the scan seems to begin fine, however shortly after running it dies with the following messages: -- [Mon Dec 22 13:26:32 2014][14626] SIGSEGV occured ! [Mon Dec 22 13:26:32 2014][14626] closing logfile [Mon Dec 22 13:26:32 2014][13469] Process 14626 seems to have died too early -- I have openvas installed via yum on CentOS 6.5: -- openvas-libraries-7.0.6-15.el6.art.x86_64 openvas-cli-1.3.1-6.el6.art.x86_64 openvas-manager-5.0.7-25.el6.art.x86_64 openvas-scanner-4.0.5-17.el6.art.x86_64 openvas-1.0-13.el6.art.noarch --- I'd appreciate it if someone could shed some light on this issue! Some log context from the slave: --- [Mon Dec 22 13:25:56 2014][13446] openvassd 4.0.3 started == openvasmd.log == lib serv: DEBUG:2014-12-22 13h26.10 utc:13452:Shook hands with peer. lib serv: DEBUG:2014-12-22 13h26.10 utc:13452:Connected to server on socket 10. lib serv: DEBUG:2014-12-22 13h26.10 utc:13452:Shook hands with peer. base gpgme:MESSAGE:2014-12-22 13h26.10 UTC:13452: Setting GnuPG homedir to '/var/lib/openvas/gnupg' base gpgme:MESSAGE:2014-12-22 13h26.10 UTC:13452: Using OpenPGP engine version '2.0.14' event lsc_credential:MESSAGE:2014-12-22 13h26.10 UTC:13452: LSC Credential bf651651-d974-4bb7-855a-a695ae72d71f has been created by admin event target:MESSAGE:2014-12-22 13h26.10 UTC:13452: Target 881fbfbc-3e83-4a59-b114-27e214353fe9 has been created by admin event config:MESSAGE:2014-12-22 13h26.11 UTC:13452: Scan config 8056a4f1-e95e-410a-9998-4bf62215bd9f has been created by admin event task:MESSAGE:2014-12-22 13h26.11 UTC:13452: Status of task (6d895a7f-ace7-4f39-a53e-098956dcca59) has changed to New event task:MESSAGE:2014-12-22 13h26.11 UTC:13452: Task 6d895a7f-ace7-4f39-a53e-098956dcca59 has been created by admin event task:MESSAGE:2014-12-22 13h26.11 UTC:13452: Status of task 50172e6b-ba89-4362-a222-3a10fa526cc9 (6d895a7f-ace7-4f39-a53e-098956dcca59) has changed to Requested event task:MESSAGE:2014-12-22 13h26.12 UTC:13452: Task 6d895a7f-ace7-4f39-a53e-098956dcca59 has been requested to start by admin event task:MESSAGE:2014-12-22 13h26.14 UTC:13466: Status of task 50172e6b- ba89-4362-a222-3a10fa526cc9 (6d895a7f-ace7-4f39-a53e-098956dcca59) has changed to Running == openvassd.log == [Mon Dec 22 13:26:19 2014][13453] Starts a new scan. Target(s) : 172.16.104.145, with max_hosts = 20 and max_checks = 4 [Mon Dec 22 13:26:19 2014][13453] Testing 172.16.104.145 (:::172.16.104.145) [13469] [Mon Dec 22 13:26:32 2014][14626] SIGSEGV occured ! [Mon Dec 22 13:26:32 2014][14626] closing logfile [Mon Dec 22 13:26:32 2014][13469] Process 14626 seems to have died too early == openvasmd.log == md main: DEBUG:2014-12-22 13h26.37 UTC:13452: report_severity: max(severity)=0.0 md main: DEBUG:2014-12-22 13h26.37 UTC:13452:command: /bin/sh /usr/share/openvas/openvasmd/global_report_formats/a994b278-1f62-11e1-96ac-406186ea4fc5/generate /tmp/openvasmd_HwR1GE/report.xml /tmp/openvasmd_HwR1GE/report.out 2 /dev/null md main: DEBUG:2014-12-22 13h27.03 UTC:13452: report_severity: max(severity)=0.0 md main: DEBUG:2014-12-22 13h27.03 UTC:13452:command: /bin/sh /usr/share/openvas/openvasmd/global_report_formats/a994b278-1f62-11e1-96ac-406186ea4fc5/generate /tmp/openvasmd_3scjKd/report.xml /tmp/openvasmd_3scjKd/report.out 2 /dev/null md main: DEBUG:2014-12-22 13h27.28 UTC:13452: report_severity: max(severity)=9.3 md main: DEBUG:2014-12-22 13h27.29 UTC:13452:command: /bin/sh /usr/share/openvas/openvasmd/global_report_formats/a994b278-1f62-11e1-96ac-406186ea4fc5/generate /tmp/openvasmd_LiNI0X/report.xml /tmp/openvasmd_LiNI0X/report.out 2 /dev/null md main:WARNING:2014-12-22 13h27.29 UTC:13452: read_from_client: failed to read from client: The TLS connection was non-properly terminated. lib serv:WARNING:2014-12-22 13h27.29 UTC:13452:Failed to gnutls_bye: Error in the push function. --- Below is the output from running the script: openvas-check-setup 2.2.6 Test completeness and readiness of OpenVAS-7 (add '--v4', '--v5', '--v6' or '--v8' if you want to check for another OpenVAS version) Please report us any non-detected problems and help us to improve this check routine: http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem. Use the parameter --server to skip checks for client tools like GSD and OpenVAS-CLI. Step 1: Checking OpenVAS Scanner
Re: [Openvas-discuss] False Positives: GNU Bash Environment Variable Handling Shell RCE Vulnerability (CVE-2014-6277)
Hi
Any ideas on this at all ?
-Original Message-
From: Traiano Welcome
Sent: Saturday, October 25, 2014 4:52 PM
To: openvas-discuss@wald.intevation.org
Subject: False Positives: GNU Bash Environment Variable Handling Shell RCE
Vulnerability (CVE-2014-6277)
Hi All
I'm currently testing for false positives in openvas NVTs, and one I get
frequently is for the shellshocker vulnerability (CVE-2014-6277). However,
when I apply the manual vulnerability confirmation checks against bash I get a
confirmation that the vulnerability does not in fact exist, for example:
---
[root@lol-dev-hdpmn munin]# env 'x=() { :;}; echo vulnerable'
'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c echo test
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `BASH_FUNC_x'
test
---
Is this an issue with the NVT, or OpenVAS scanning mechanism? What approach
could I use to debug this further?
Here are some details of the target system and the scan report from OpenVAS GSA:
Linux distro: CentOS release 6.5 (Final) Bash version: GNU bash, version 4.1.2
Scan NVT details:
---
Name: GNU Bash Environment Variable Handling Shell RCE Vulnerability (LSC) -
04
Config:
Family: General
OID:1.3.6.1.4.1.25623.1.0.802086
Version:$Revision: 739 $
Notes: 0
Overrides: 0
Summary
This host is installed with GNU Bash Shell and is prone to remote command
execution vulnerability.
Affected Software/OS
GNU Bash through 4.3 bash43-026
Vulnerability Scoring
CVSS base:
10.0
CVSS base vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Insight
GNU bash contains a flaw that is triggered when evaluating environment
variables passed from another environment. After processing a function
definition, bash continues to process trailing strings. Incomplete fix to
CVE-2014-7169, CVE-2014-6271 Vulnerability Detection Method
Login to the target machine with ssh credentials and check its possible to
execute the commands via GNU bash shell.
Impact
Successful exploitation will allow remote or local attackers to inject shell
commmands, allowing local privilege escalation or remote command execution
depending on the application vector.
Impact Level: System/Application
Solution
No solution or patch is available as of 8th October, 2014. Information
regarding this issue will be updated once the solution details are available,
For updates contact vendor or refer to http://www.gnu.org/software/bash
References
CVE:CVE-2014-6277
BID:70165
CERT: DFN-CERT-2014-1258
Other: http://osvdb.com/112158
https://shellshocker.net
http://lcamtuf.blogspot.in/2014/09/bash-bug-apply-unofficial-patch-now.html
---
I've used a set of tests from redhat's site to confirm if the target system is
vulnerable:
https://access.redhat.com/articles/1200223
Thanks in advance,
Traiano
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] ERROR: OpenVAS Scanner too old or too new: 4.0.1
Hi All I used the following process for installing openvas 6 on centos 6.5: -- # wget -q -O - http://www.atomicorp.com/installers/atomic |sh # yum install openvas # openvas-setup # openvas-certdata-sync # openvasmd --rebuild # openvasmd -- However, when I run openvas-check-setup I get this report: --- openvas-check-setup 2.2.1 Test completeness and readiness of OpenVAS-6 (add '--v4', '--v5' or '--v7' if you want to check for another OpenVAS version) Please report us any non-detected problems and help us to improve this check routine: http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem. Use the parameter --server to skip checks for client tools like GSD and OpenVAS-CLI. Step 1: Checking OpenVAS Scanner ... ERROR: OpenVAS Scanner too old or too new: 4.0.3 FIX: Please install OpenVAS Scanner 3.4. ERROR: Your OpenVAS-6 installation is not yet complete! --- As far as I can tell, OpenVAS has been installed from the atomic repos: --- [root@]# rpm -qa | grep openvas openvas-scanner-4.0.3-15.el6.art.x86_64 openvas-1.0-13.el6.art.noarch openvas-libraries-7.0.4-13.el6.art.x86_64 openvas-cli-1.3.0-5.el6.art.x86_64 openvas-manager-5.0.4-22.el6.art.x86_64 --- Here is the installation log: --- openvas-check-setup 2.2.1 Mode: desktop Date: Sat, 18 Oct 2014 17:53:21 +0300 Checking for old OpenVAS Scanner = 2.0 ... /usr/bin/openvas-check-setup: line 171: openvasd: command not found Checking presence of OpenVAS Scanner ... OpenVAS Scanner 4.0.3 Nessus origin: (C) 2004 Renaud Deraison derai...@nessus.org Most new code since OpenVAS: (C) 2013 Greenbone Networks GmbH License GPLv2: GNU GPL version 2 This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Checking OpenVAS Scanner version ... ERROR: OpenVAS Scanner too old or too new: 4.0.3 FIX: Please install OpenVAS Scanner 3.4. --- How can I fix this? Many thanks in advance, Traiano ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] Scan on Slave dies at 3% consistently on Master, but Still continues on Slave
Hi All [Using openVAS 6, installed from the atomic repos. On CentOS 6.5] I'm running a scan initiated from a master node to a slave node. From the masters perspective the scan seems to die at 3% consistently, with the following messages in the master's logs. However, the scan continues on the slave! Master openvasmd.log entries related to the scan task: --- event task:MESSAGE:2014-10-18 14h13.00 UTC:4086: Status of task scan-range-192.168.0 (x--xxx-x) has changed to Requested event task:MESSAGE:2014-10-18 14h13.00 UTC:4086: Task x--xxx-x has been requested to start by admin event task:MESSAGE:2014-10-18 14h13.27 UTC:4088: Status of task scan-range-192.168.0 (x--xxx-x) has changed to Running event task:MESSAGE:2014-10-18 14h33.05 UTC:4088: Status of task scan-range-192.168.0 (x--xxx-x) has changed to Internal Error md main:CRITICAL:2014-10-18 15h05.13 UTC:5192: handle_sigsegv: segmentation fault --- Traces from log on slave at around this time: --- == /var/log/openvas/openvasmd.log == . . md main:WARNING:2014-10-18 14h34.43 UTC:16730: read_from_client: failed to read from client: The TLS connection was non-properly terminated. lib serv:WARNING:2014-10-18 14h34.43 UTC:16730:Failed to gnutls_bye: Error in the push function. --- And there appear to be regular SIGSEGV errors in the openvassd logs on the slave during the scan process: --- [Sat Oct 18 14:35:19 2014][20293] SIGSEGV occured ! [Sat Oct 18 14:35:19 2014][20293] closing logfile [Sat Oct 18 14:35:19 2014][22681] Process 20293 seems to have died too early --- Is there a known cause for this kind of behavior, and how would I go about troubleshooting this further? Thanks in advance! Traiano ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] ERROR: OpenVAS Scanner too old or too new: 4.0.1
From: eero.t.voloti...@gmail.com [mailto:eero.t.voloti...@gmail.com] On Behalf Of Eero Volotinen Sent: Saturday, October 18, 2014 6:21 PM To: Traiano Welcome Cc: openvas-discuss@wald.intevation.org Subject: Re: [Openvas-discuss] ERROR: OpenVAS Scanner too old or too new: 4.0.1 2014-10-18 18:01 GMT+03:00 Traiano Welcome traiano.welc...@alshaya.com: Hi All I used the following process for installing openvas 6 on centos 6.5: -- # wget -q -O - http://www.atomicorp.com/installers/atomic |sh # yum install openvas # openvas-setup # openvas-certdata-sync # openvasmd --rebuild # openvasmd -- However, when I run openvas-check-setup I get this report: download latest version of script from: https://svn.wald.intevation.org/svn/openvas/trunk/tools/openvas-check-setup and run it with parameters -v7 Thanks, Eero! Seems to pass with all Ok now ... -- Eero ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] Task started via the CLI silently refuses to run
Hi List I've preconfigured targets and tasks for openvas using the gsad, and tested scanning via the gsad. Now I'd like to kick off a scan using the openvas-cli tool with something like: --- openvas-cli -v -u admin_user -w password -S task uuid --- Getting the task uuid and status is easy (clear from the documentation): --- [root@openvas-mstr openvas]# openvas-cli -u admin -w admin -G| grep New| head -1 xx--z--xx New scan-range-192.168.0 --- However, when I try to kick off the task like this: --- [root@openvas-mstr openvas]# [root@openvas-mstr openvas]# openvas-cli -v -u -w -S xx--z--xx --- ... There's no output (even when using the verbose flag), and the status of the task is unchanged: --- [root@openvas-mstr openvas]# openvas-cli -u admin -w admin -G| grep New| head -1 xx--z--xx New scan-range-192.168.0 --- I've upped the loglevel parameter in openvasmd_log.conf to 255, however I don't see any messages around this particular uuid in the logs when I start the task via the cli. However, when I start the task via gsad, I can see the task transition to running in the logs: --- [root@openvas-mstr openvas]# tail -f /var/log/openvas/openvasmd.log| grep xx--z--xx event task:MESSAGE:2014-10-18 16h15.31 UTC:6476: Status of task scan-range-192.168.0 (xx--z--xx) has changed to Requested event task:MESSAGE:2014-10-18 16h15.31 UTC:6476: Task xx--z--xx has been requested to start by admin event task:MESSAGE:2014-10-18 16h15.58 UTC:6478: Status of task scan-range-192.168.0 (xx--z--xx) has changed to Running --- Am I going about launching the task from the CLI the right way? If so, how would I debug this further? Thanks, Traiano ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] OpenVAS OMP CLI Examples :Comprehensive Configuration Guide/Tutorial?
Hi Is there a through guide or tutorial on how to configure and use OMP via the cli ? The scattered examples on the net are mostly outdated and incomplete, and the documentation on this is pretty thin on actual working examples. Thanks in advance! Traiano ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] OpenVAS Scan of a single IP address generates load averages of 5
Hi List I've installed OpenVAS 7 on a single Ubuntu 14.04 EC2 instance (64bit , m3.large) in AWS's cloud, with default settings and no tuning. As an initial test, I've run a default scan against a single IP. The scan takes longer than 30 minutes to complete, and during this time the load average of the VM varies from 5 to 8 with up to 10 openvassd processes running concurrently. I've tested this on multiple instances and consistently get the same behavior. My question is: Is there some kind of tuning I can do to reduce the load of scanning a single system, without compromising too much on the comprehensiveness of the scan? Also, is there some way of gauging the kind of load I should expect to see using OpenVAS as a scanner on linux? Thanks in advance, Traiano Senior Systems Engineer | I.T M.H.Alshaya Co W.L.L Retail Division P.O.Box 181, Safat 13002, Kuwait Phone: (965) 22080110; Fax: (965) 2224 2488 www.alshaya.comhttp://www.alshaya.com/ ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
