Mailing List Archive

Information Gathering Scripts and BugtraqID/CVE
General Question:

With Information Gathering scripts, what do you want done with
BugtraqIDs/CVEs/CANs?

Example

healthd_detect.nasl

******************
desc["english"] = "The FreeBSD Health Daemon was detected.
The HealthD provides remote administrators with information about the
current hardware temperature, fan speed, etc, allowing them to monitor
the status of the server.

Such information about the hardware's current state might be sensitive;
it is recommended that you do not allow access to this service from the
network.

Solution: Configure your firewall to block access to this port.

Risk factor : Low";
*******************

This script merely detects the presence of the Health Daemon.

However, there are vulnerabilities with this program/service.

http://online.securityfocus.com/bid/1107

Even though this vulnerability is not tested for, this is a generic info
gathering script. Should vulnerabilities be listed in scripts such as
these?

When is Nessus/NASL going to support multiple CVEs/BugtraqIDs? I
have one script that tests for 7 vulns.

Erik