Mailing List Archive

Who is working on bugtraq/CVE ids?
I would be willing to dedicate some time to revise the current plugins
and the CAN-CVE-Bugtraq references in them. It's quite nice to see this:

$ grep -l script_cve_id * |wc
691 691 13591
$ grep -l script_bugtraq_id * |wc
529 529 10647

Out of 1113 scripts in the current (1.3.x) CVS code. I would like to try
to have all scripts with CVE/Bugtraq references and maybe automate how
to determine when CVE references turn from CAN to CVE and to determine
CVE to Bugtraq mappings automatically. From what I see in the CVS logs
Guardent (I guess people at that company) are sending Renaud these
patches. Is help needed there? Is the process I'm describing already
automated?

Regards

Javi
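
Added example, not part of the original message or of the Nessus code base: one way to automate the audit proposed above, listing each plugin's script_cve_id references, flagging plugins with no script_bugtraq_id, and rewriting CAN- ids that have since become CVE entries. The plugin text, the ids in it and the promoted set are constructed samples; a real run would build the promoted set from the published CVE list.

```python
import re

# NASL calls at the start of a line; commented-out calls ("# script_cve_id...") are skipped.
CVE_CALL = re.compile(r'^[ \t]*script_cve_id\s*\(([^)]*)\)', re.M)
BID_CALL = re.compile(r'^[ \t]*script_bugtraq_id\s*\(([^)]*)\)', re.M)
CVE_ID = re.compile(r'\b(?:CAN|CVE)-\d{4}-\d{4,}\b')

def audit_plugin(source, promoted):
    """Audit one plugin. promoted: set of 'YYYY-NNNN' numbers now holding CVE status."""
    cve_ids = [m.group(0) for call in CVE_CALL.finditer(source)
               for m in CVE_ID.finditer(call.group(1))]
    # A candidate keeps its number when accepted; only the prefix changes.
    stale = {i: "CVE" + i[3:] for i in cve_ids
             if i.startswith("CAN-") and i[4:] in promoted}
    return {"cve_ids": cve_ids,
            "has_bugtraq": bool(BID_CALL.search(source)),
            "stale": stale}

def rewrite_stale(source, stale):
    """Replace promoted CAN- ids, touching only live script_cve_id(...) calls."""
    def fix_call(call):
        text = call.group(0)
        for old, new in stale.items():
            text = text.replace(old, new)
        return text
    return CVE_CALL.sub(fix_call, source)

# Constructed sample plugins (file names, script ids and CVE/Bugtraq ids are made up).
SAMPLE = {
    "a.nasl": 'if(description)\n{\n script_id(99001);\n'
              ' script_cve_id("CAN-2002-0001", "CVE-2001-0002");\n'
              ' script_bugtraq_id(1234);\n}\n',
    "b.nasl": 'if(description)\n{\n script_id(99002);\n'
              ' # script_cve_id("CAN-2002-0001");\n}\n',
}
PROMOTED = {"2002-0001"}  # constructed: numbers assumed promoted from CAN to CVE

if __name__ == "__main__":
    for name, src in sorted(SAMPLE.items()):
        r = audit_plugin(src, PROMOTED)
        print(name, "cve:", r["cve_ids"] or "MISSING",
              "bugtraq:", "yes" if r["has_bugtraq"] else "MISSING")
        for old, new in r["stale"].items():
            print("  update", old, "->", new)
```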

Re: Who is working on bugtraq/CVE ids?
I am working on that but I am not a part of the Nessus group. My
company has me working on a Nessus Plugin/Script audit as well as
Nessus integration into our security product. When will I get done? Not
sure, this is "supposed to be" my primary task but I have other
priorities come up with other products I wrote and thus have to support
them a couple of days a week. My deadline is December 31st but I also
have other Nessus integration tasks to accomplish before December 31st.

We will be giving this work back to the Nessus group.

Here are a few of the current 1.2.6 stats:
1107 Total NASL scripts and Plugins
1091 NASL scripts
16 C Language Plugins
688 CVEs in NASL scripts/plugins
524 Bugtraq in NASL scripts/plugins
12 NASL scripts/plugins where their notes state they cover multiple CVEs
955 NASL scripts/plugins that have script dependencies
903 NASL scripts/plugins that have port/service dependencies
1099 NASL scripts/plugins have risk factors associated with them.
All have Categories, Descriptions, Script IDs, and Summaries

I have extracted all of the current scripts data into a Microsoft Access
Database (Yea, boo, Microsoft). The DB contains an extract of all major
data from all scripts/plugins, such as name, file, description, summary,
CVE, Bugtraq ID, Category, etc...

It also contains all CVEs and CANs in other tables.

It is about a 2 meg Winzip file. I will not spam a 2 meg attachment to
the Nessus lists so if anyone wants it email me.

Erik

Javier Fernández-Sanguino Peña wrote:

> I would be willing to dedicate some time to revise the current plugins
> and the CAN-CVE-Bugtraq references in them. It's quite nice to see this:
>
> $ grep -l script_cve_id * |wc
> 691 691 13591
> $ grep -l script_bugtraq_id * |wc
> 529 529 10647
>
> Out of 1113 scripts in the current (1.3.x) CVS code. I would like to
> try to have all scripts with CVE/Bugtraq references and maybe automate
> how to determine when CVE references turn from CAN to CVE and to
> determine CVE to Bugtraq mappings automatically. From what I see in
> the CVS logs Guardent (I guess people at that company) are sending
> Renaud these patches. Is help needed there? Is the process I'm
> describing already automated?
>
> Regards
>
> Javi