Re: [Openvas-discuss] nic definition blanked for all tasks if undefined in Web UI dialog for a single NEW task during creation

2017-06-20 Thread r.m6 
God Morning!

Thanks a lot Ben for the quick fix! We will wait for the deb repos
update. This will make our openVAS life a lot easier! :)



> If you have the possibility to build from source, the following
> revision (one per openvas release) should fix that issue:
>
> - OpenVAS-8:  28715
> - OpenVAS-9:  28714
> - Trunk:  28713
>
> The next tarball release will include the fixes. They will be
> released promptly.
>
> Thanks again for reporting the issue (again).
>
> Best Regards,
> Ben.

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] nic definition blanked for all tasks if undefined in Web UI dialog for a single NEW task during creation

2017-06-19 Thread Benoît Allard 
On Mon, 19 Jun 2017 14:28:11 +0200
Benoît Allard  wrote:

> On Mon, 19 Jun 2017 09:22:11 +0200
> "r.m6"  wrote:
> 
> > Hi Christian,
> > 
> > did you get any feedback in the meanwhile - or did you find a
> > solution? Is there any official instance to report bugs to? I am
> > wondering why this problem is not more visible in the community. It
> > is extremely distracting if you try to use openVAS in daily
> > business.
> > 
> > Is there anybody in the community who does NOT see the described
> > problem? This information would be very valuable too because it
> > could give some hints if it is a general bug or if it only happens
> > in some configuration.
> > 
> > Many thanks in advance!
> 
> I was able to reproduce it on a greenbone appliance as well. We are
> working on a fix. Thank you very much for reporting. I'm sorry we
> previously missed it.
> 
> For issues with a security relevance, you can send a mail to
> . I believe that is your best option. For
> issues with a smaller impact, reporting here, or on -devel is a good
> start. Pinging us on irc might work as well, sometimes.
> 
> There is a bug-tracker on wald. Unfortunately it's not widely used,
> neither by the developers, nor by the community. Buying an appliance,
> though would give you access to the customer portal. Maybe you can
> arrange an access to it by contacting sales . I
> cannot speak on their behalf.
> 
> I'll let you know when the fix lands in the repository.
> 

If you have the possibility to build from source, the following
revision (one per openvas release) should fix that issue:

- OpenVAS-8:  28715
- OpenVAS-9:  28714
- Trunk:  28713

The next tarball release will include the fixes. They will be
released promptly.

Thanks again for reporting the issue (again).

Best Regards,
Ben.


pgpAr2q_uAJSx.pgp
Description: OpenPGP digital signature
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] nic definition blanked for all tasks if undefined in Web UI dialog for a single NEW task during creation

2017-06-19 Thread Ebert, Christian 
Hi,

unfortunately I didn't get any response.

It should not be a configuration issue, because we found this problem on all 
our servers (production) AND on a fresh installation of OpenVAS 9 under Kali 
(out of the box).

We made a workaround, whichs works for us, but might not help in other 
situations:

We use the comment field for the interface description and start a script to 
bring the interface up before we start the scan and bring the interface down 
afterwards.

Maybe someone at Greenbone can give us some more information about that 
problem...

Christian Ebert
Chief Security Analyst, CISM, T.I.S.P.
Head of Penetration Testing
 
QSC AG
Mathias-Brüggen-Straße 55
50829 Köln
 
T  +49 221 669-8950
F  +49 221 669-85950
M  +49 163 6698950
christian.eb...@qsc.de
http://www.qsc.de 
 
Besuchen Sie unsere Blogs:
Corporate Blog unter http://blog.qsc.de 
Themen-Blog zur Digitalisierung unter http://digitales-wirtschaftswunder.de

 
Bitte finden Sie hier die handelsrechtlichen Pflichtangaben:
http://www.qsc.de/pflichtangaben
 

Am 19.06.2017 um 09:22 schrieb r.m6 :

Hi Christian,

did you get any feedback in the meanwhile - or did you find a solution? Is 
there any official instance to report bugs to? I am wondering why this problem 
is not more visible in the community. It is extremely distracting if you try to 
use openVAS in daily business.

Is there anybody in the community who does NOT see the described problem? This 
information would be very valuable too because it could give some hints if it 
is a general bug or if it only happens in some configuration.

Many thanks in advance!

> On 09.06.2017 10:33, Ebert, Christian wrote:
> Hi everyone,
> 
> we experienced exactly the same problem here. It happens in OpenVAS 8 
> (Debian8, Debian 9) as well as in OpenVAS 9 (Kali rolling release).
> 
> I did report that to this mailing list, but didn't get any response.
> 
> Best regards
> 
> Christian Ebert
> Chief Security Analyst, CISM, T.I.S.P.
> Head of Penetration Testing
>  
> QSC AG
> Mathias-Brüggen-Straße 55
> 50829 Köln
>  
> T  +49 221 669-8950
> F  +49 221 669-85950
> M  +49 163 6698950
> christian.eb...@qsc.de
> http://www.qsc.de 
>  
> Besuchen Sie unsere Blogs:
> Corporate Blog unter http://blog.qsc.de 
> Themen-Blog zur Digitalisierung unter http://digitales-wirtschaftswunder.de
> 
>  
> Bitte finden Sie hier die handelsrechtlichen Pflichtangaben:
> http://www.qsc.de/pflichtangaben
>  
> 
> Am 09.06.2017 um 08:46 schrieb r.m6 :
> 
> Dear openVAS Community,
> 
> we are using an openVAS 8 installation (ubuntu 16.04 server) with
> multiple scan interfaces (eth0, gre1, gre2) for vulnerability scanning.
> 
> Some tasks are configured for "Network Source Interface" (in the Web UI
> "Edit Task" dialog) eth0, some others for gre
> 
> We have observed that if the field "Network Source Interface" is (by
> accident) left blank when creating a new or editing an existing task,
> openVAS resets ALL other existing tasks for all OTHER openVAS user
> accounts on this openVAS instance to blank. This results in scanning
> from eth0 (the default) for ALL existing tasks - which is extremely
> annoying for scheduled tasks because the results are messed up, alerts
> are sent (because of the changed scan score) and each user has to repair
> each single task.
> 
> Did anyone else observe this behavior or - preferred :) - has a solution
> for this problem?
> 
> Many thanks in advance!
> 
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss



smime.p7s
Description: S/MIME cryptographic signature
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] nic definition blanked for all tasks if undefined in Web UI dialog for a single NEW task during creation

2017-06-19 Thread Benoît Allard 
On Mon, 19 Jun 2017 09:22:11 +0200
"r.m6"  wrote:

> Hi Christian,
> 
> did you get any feedback in the meanwhile - or did you find a
> solution? Is there any official instance to report bugs to? I am
> wondering why this problem is not more visible in the community. It
> is extremely distracting if you try to use openVAS in daily business.
> 
> Is there anybody in the community who does NOT see the described
> problem? This information would be very valuable too because it could
> give some hints if it is a general bug or if it only happens in some
> configuration.
> 
> Many thanks in advance!

I was able to reproduce it on a greenbone appliance as well. We are
working on a fix. Thank you very much for reporting. I'm sorry we
previously missed it.

For issues with a security relevance, you can send a mail to
. I believe that is your best option. For
issues with a smaller impact, reporting here, or on -devel is a good
start. Pinging us on irc might work as well, sometimes.

There is a bug-tracker on wald. Unfortunately it's not widely used,
neither by the developers, nor by the community. Buying an appliance,
though would give you access to the customer portal. Maybe you can
arrange an access to it by contacting sales . I
cannot speak on their behalf.

I'll let you know when the fix lands in the repository.

Regards,
Ben

> 
> 
> On 09.06.2017 10:33, Ebert, Christian wrote:
> > Hi everyone,
> >
> > we experienced exactly the same problem here. It happens in OpenVAS
> > 8 (Debian8, Debian 9) as well as in OpenVAS 9 (Kali rolling
> > release).
> >
> > I did report that to this mailing list, but didn't get any response.
> >
> > Best regards
> >
> > Christian Ebert
> >
> > Chief Security Analyst, CISM, T.I.S.P.
> >
> > Head of Penetration Testing
> >
> >  
> >
> > QSC AG
> >
> > Mathias-Brüggen-Straße 55 
> >
> > 50829 Köln 
> >
> >  
> >
> > T  +49 221 669-8950 
> >
> > F  +49 221 669-85950 
> >
> > M  +49 163 6698950 
> >
> > christian.eb...@qsc.de 
> >
> > http://www.qsc.de  
> >
> >  
> >
> > Besuchen Sie unsere Blogs:
> > Corporate Blog unter _http://blog.qsc.de _ 
> > Themen-Blog zur Digitalisierung
> > unter _http://digitales-wirtschaftswunder.de
> > _
> >
> >  
> >
> > Bitte finden Sie hier die handelsrechtlichen Pflichtangaben:
> >
> > http://www.qsc.de/pflichtangaben
> >
> >  
> >
> >
> > Am 09.06.2017 um 08:46 schrieb r.m6  > >:
> >
> > Dear openVAS Community,
> >
> > we are using an openVAS 8 installation (ubuntu 16.04 server) with
> > multiple scan interfaces (eth0, gre1, gre2) for vulnerability
> > scanning.
> >
> > Some tasks are configured for "Network Source Interface" (in the
> > Web UI "Edit Task" dialog) eth0, some others for gre
> >
> > We have observed that if the field "Network Source Interface" is (by
> > accident) left blank when creating a new or editing an existing
> > task, openVAS resets ALL other existing tasks for all OTHER openVAS
> > user accounts on this openVAS instance to blank. This results in
> > scanning from eth0 (the default) for ALL existing tasks - which is
> > extremely annoying for scheduled tasks because the results are
> > messed up, alerts are sent (because of the changed scan score) and
> > each user has to repair each single task.
> >
> > Did anyone else observe this behavior or - preferred :) - has a
> > solution for this problem?
> >
> > Many thanks in advance!
> >
> > ___
> > Openvas-discuss mailing list
> > Openvas-discuss@wald.intevation.org
> > 
> > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
> 



pgpc4OR_3BVXq.pgp
Description: OpenPGP digital signature
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] nic definition blanked for all tasks if undefined in Web UI dialog for a single NEW task during creation

2017-06-19 Thread r.m6 
Hi Christian,

did you get any feedback in the meanwhile - or did you find a solution?
Is there any official instance to report bugs to? I am wondering why
this problem is not more visible in the community. It is extremely
distracting if you try to use openVAS in daily business.

Is there anybody in the community who does NOT see the described
problem? This information would be very valuable too because it could
give some hints if it is a general bug or if it only happens in some
configuration.

Many thanks in advance!


On 09.06.2017 10:33, Ebert, Christian wrote:
> Hi everyone,
>
> we experienced exactly the same problem here. It happens in OpenVAS 8
> (Debian8, Debian 9) as well as in OpenVAS 9 (Kali rolling release).
>
> I did report that to this mailing list, but didn't get any response.
>
> Best regards
>
> Christian Ebert
>
> Chief Security Analyst, CISM, T.I.S.P.
>
> Head of Penetration Testing
>
>  
>
> QSC AG
>
> Mathias-Brüggen-Straße 55 
>
> 50829 Köln 
>
>  
>
> T  +49 221 669-8950 
>
> F  +49 221 669-85950 
>
> M  +49 163 6698950 
>
> christian.eb...@qsc.de 
>
> http://www.qsc.de  
>
>  
>
> Besuchen Sie unsere Blogs:
> Corporate Blog unter _http://blog.qsc.de _ 
> Themen-Blog zur Digitalisierung
> unter _http://digitales-wirtschaftswunder.de
> _
>
>  
>
> Bitte finden Sie hier die handelsrechtlichen Pflichtangaben:
>
> http://www.qsc.de/pflichtangaben
>
>  
>
>
> Am 09.06.2017 um 08:46 schrieb r.m6  >:
>
> Dear openVAS Community,
>
> we are using an openVAS 8 installation (ubuntu 16.04 server) with
> multiple scan interfaces (eth0, gre1, gre2) for vulnerability scanning.
>
> Some tasks are configured for "Network Source Interface" (in the Web UI
> "Edit Task" dialog) eth0, some others for gre
>
> We have observed that if the field "Network Source Interface" is (by
> accident) left blank when creating a new or editing an existing task,
> openVAS resets ALL other existing tasks for all OTHER openVAS user
> accounts on this openVAS instance to blank. This results in scanning
> from eth0 (the default) for ALL existing tasks - which is extremely
> annoying for scheduled tasks because the results are messed up, alerts
> are sent (because of the changed scan score) and each user has to repair
> each single task.
>
> Did anyone else observe this behavior or - preferred :) - has a solution
> for this problem?
>
> Many thanks in advance!
>
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> 
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] nic definition blanked for all tasks if undefined in Web UI dialog for a single NEW task during creation

2017-06-09 Thread Ebert, Christian 
Hi everyone,

we experienced exactly the same problem here. It happens in OpenVAS 8 (Debian8, 
Debian 9) as well as in OpenVAS 9 (Kali rolling release).

I did report that to this mailing list, but didn't get any response.

Best regards

Christian Ebert
Chief Security Analyst, CISM, T.I.S.P.
Head of Penetration Testing
 
QSC AG
Mathias-Brüggen-Straße 55
50829 Köln
 
T  +49 221 669-8950
F  +49 221 669-85950
M  +49 163 6698950
christian.eb...@qsc.de
http://www.qsc.de 
 
Besuchen Sie unsere Blogs:
Corporate Blog unter http://blog.qsc.de 
Themen-Blog zur Digitalisierung unter http://digitales-wirtschaftswunder.de

 
Bitte finden Sie hier die handelsrechtlichen Pflichtangaben:
http://www.qsc.de/pflichtangaben
 

Am 09.06.2017 um 08:46 schrieb r.m6 :

Dear openVAS Community,

we are using an openVAS 8 installation (ubuntu 16.04 server) with
multiple scan interfaces (eth0, gre1, gre2) for vulnerability scanning.

Some tasks are configured for "Network Source Interface" (in the Web UI
"Edit Task" dialog) eth0, some others for gre

We have observed that if the field "Network Source Interface" is (by
accident) left blank when creating a new or editing an existing task,
openVAS resets ALL other existing tasks for all OTHER openVAS user
accounts on this openVAS instance to blank. This results in scanning
from eth0 (the default) for ALL existing tasks - which is extremely
annoying for scheduled tasks because the results are messed up, alerts
are sent (because of the changed scan score) and each user has to repair
each single task.

Did anyone else observe this behavior or - preferred :) - has a solution
for this problem?

Many thanks in advance!

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss


smime.p7s
Description: S/MIME cryptographic signature
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

[Openvas-discuss] nic definition blanked for all tasks if undefined in Web UI dialog for a single NEW task during creation

2017-06-09 Thread r.m6 
Dear openVAS Community,

we are using an openVAS 8 installation (ubuntu 16.04 server) with
multiple scan interfaces (eth0, gre1, gre2) for vulnerability scanning.

Some tasks are configured for "Network Source Interface" (in the Web UI
"Edit Task" dialog) eth0, some others for gre

We have observed that if the field "Network Source Interface" is (by
accident) left blank when creating a new or editing an existing task,
openVAS resets ALL other existing tasks for all OTHER openVAS user
accounts on this openVAS instance to blank. This results in scanning
from eth0 (the default) for ALL existing tasks - which is extremely
annoying for scheduled tasks because the results are messed up, alerts
are sent (because of the changed scan score) and each user has to repair
each single task.

Did anyone else observe this behavior or - preferred :) - has a solution
for this problem?

Many thanks in advance!

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss