The following preference settings are supposed to add information to
the
PLUGIN_LIST message in NTP/1.2:
plugins_bugtraq_id
plugins_cve_id
plugins_xrefs
I was having some trouble making this work, and I did some poking
around
in the code and discovered the following:
1. The PLUGIN_LIST is dumped immediately when the client logs on, before
the client sends it's preference list.
2. There is no way to enable the extra info in the nessusd.conf file, it
has to be done using the PREFERENCES message sent from the client.
3. There is no way to make the server resend the PLUGIN_LIST (at least
to my knowledge).
The result of this is that it is actually not possible to enable the
extra info, ever. Or am I missing something here?
There are several ways to fix this:
1. Add the plugins_* variables to the variables read from the
nessusd.conf file. This is a quick and easy fix.
2. Make it possible for the client to retrigger the PLUGIN_LIST message
from the server. This would create nearly twice the network traffic,
and does seem like a suboptimal solution.
If this is something that should be addressed, let me know which
approach is preferable and I'll fix it.
On a closely related subject: Are the any plans for deprecating the
script_bugtraq_id() and script_cve_id() functions now that there's a
more generic script_xref() function?
--
Jan Fredrik Leversund <jfl@phalanx.no>
Phalanx Security Services <URL:http://www.phalanx.no/>
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
the
PLUGIN_LIST message in NTP/1.2:
plugins_bugtraq_id
plugins_cve_id
plugins_xrefs
I was having some trouble making this work, and I did some poking
around
in the code and discovered the following:
1. The PLUGIN_LIST is dumped immediately when the client logs on, before
the client sends it's preference list.
2. There is no way to enable the extra info in the nessusd.conf file, it
has to be done using the PREFERENCES message sent from the client.
3. There is no way to make the server resend the PLUGIN_LIST (at least
to my knowledge).
The result of this is that it is actually not possible to enable the
extra info, ever. Or am I missing something here?
There are several ways to fix this:
1. Add the plugins_* variables to the variables read from the
nessusd.conf file. This is a quick and easy fix.
2. Make it possible for the client to retrigger the PLUGIN_LIST message
from the server. This would create nearly twice the network traffic,
and does seem like a suboptimal solution.
If this is something that should be addressed, let me know which
approach is preferable and I'll fix it.
On a closely related subject: Are the any plans for deprecating the
script_bugtraq_id() and script_cve_id() functions now that there's a
more generic script_xref() function?
--
Jan Fredrik Leversund <jfl@phalanx.no>
Phalanx Security Services <URL:http://www.phalanx.no/>
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.