Mailing List Archive

On Mon, Nov 11, 2002 at 12:14:16PM -0600, Erik Anderson wrote:
> I saw a posting easlier for new 1.3.0 features about adding script
> support when a NASL script tests for multiple CVE/CAN's.
> Example:
> script_cve_id("CVE-1999-0832", "CVE-2000-0845");
>
> Can you also add support for multiple Bugtraq ID's?
> Example:
> script_bugtraq_id(84, 2715);

This will be done. If we are brave enough and on schedule, we might also
start to set up a new layout for the plugins (in XML, as discussed many
times on this list).

Also (but not a requirement) it would be nice to standardize URL/LINKS
> that are available in the scripts.
> Example:
> script_help_url("http://online.securityfocus.com/archive/1/184548,
> "http://online.securityfocus.com/bid/2715");

That will be done in the XML-ized plugins.


-- Renaud

Mensaje citado por Erik Anderson <eanders@pobox.com>:

(...)
> script_help_url("http://online.securityfocus.com/archive/1/184548,
> "http://online.securityfocus.com/bid/2715");

The links to securityfocus' database (online.securityfocus.com/bid/#BID#) should
be done automatically IMHO.

>
> This way it would allow Nessus to display Links in a standardized format
> as well as make it easier to parse the results. In addition it would be
> easier to manage dead links (as I am running into a lot of those).

Sounds reasonable :)

Javi

Javier Fernández-Sanguino Peña wrote:

>Mensaje citado por Erik Anderson <eanders@pobox.com>:
>
>(...)
>
>
>>script_help_url("http://online.securityfocus.com/archive/1/184548,
>>"http://online.securityfocus.com/bid/2715");
>>
>>
>
>The links to securityfocus' database (online.securityfocus.com/bid/#BID#) should
>be done automatically IMHO.
>
>
Agreed. The Bugtraq ID URL link should be automatically done by the
reporting process thus if the database location moves one code change
can fix all the Bugtraq links.
However the archive links to the original Bugtraq emails can not be done
automatically. Those you have to dig for.

The NASL scripts that are missing the CVE/CAN/BugtraqID's I am adding
links into the scripts. This provides the end user a far easier time
because some of those buggers are difficult to dig for. There are quite
a few vulnerabilities these scripts test for for which there is no
CVE/CAN/BugtraqID's.

Examples:
p-smash.nasl
proftpd_exhaust.nasl

IMHO: These type of scripts need manual links to Bugtraq archived
messages and/or Microsoft Q messages.

IMNSHO: Testing for the vulnerability is only 1/2 the battle. Providing
more information back to the end user on what the actual vulnerability
encompasses is the key.

>
>
>>This way it would allow Nessus to display Links in a standardized format
>>as well as make it easier to parse the results. In addition it would be
>>easier to manage dead links (as I am running into a lot of those).
>>
>>
>
>Sounds reasonable :)
>
>Javi
>
>
>
>
>
>

>
> IMHO: These type of scripts need manual links to Bugtraq archived
> messages and/or Microsoft Q messages.


I agree with you here.

>
> IMNSHO: Testing for the vulnerability is only 1/2 the battle.
> Providing more information back to the end user on what the actual
> vulnerability encompasses is the key.

An also here. One of the things I would like to be able to do easily is
to have a database with all the information of a given scan so it can be
used to bug administrators responsible for the systems that have been
audit. That way you can have an unmanaged vulnerability assesment
scanner audit from time to time the network and mail admins the changes
that have been detected.

Regards

Javi