Mailing List Archive

Missing CVE IDs
Hi,

I was just going through some of the plugins and noticed that many of
them were not having any CVE IDs at the time of writing but later got
assigned, which are not updated in the plugins.
I have made a partial list of such scripts and their CVE IDs. I
think there are many other such scripts that do not have CVE IDs. I
thought it would be beneficial for all. Is this exercise worth
carrying out? Any thoughts?


basilix_arbitrary_file_disclosure.nasl CAN-2002-1710 BID-5062
basilix_attachment_disclosure.nasl CAN-2002-1711 BID-5065
basilix_message_content_script_injection.nasl CAN-2002-1708 BID-5060
basilix_sql_injection.nasl CAN-2002-1709 BID-5061
bookreview_xss.nasl CAN-2005-1782 BID-13783
cherokee_dir_traversal.nasl CAN-2001-1433 CAN-2001-1432 BID-3771,3772
cherokee_remote_cmd.nasl CAN-2001-1433 BID-3771,3773
easy_message_board_cmd_exec.nasl CAN-2005-1549 CAN-2005-1550 BID-13555, 13551
episodex_guestbook.nasl CAN-2005-1684 BID-13692, 13693
delegate_overflow2.nasl CAN-2005-0759, CAN-2005-0760, CAN-2005-0761 BID-12867
cutenews_show_news_xss.nasl CAN-2004-0660 BID-10620, 10750
calendarix_sql.nasl CAN-2005-1865 BID-13825, 13826
calendar_scheduler_xss.nasl CAN-2005-0872 BID-12893


Regards,
Jayesh KS.
Re: Missing CVE IDs
On Mon, Jul 04, 2005 at 07:54:08PM +0530, Jayesh KS wrote:

> I was just going through some of the plugins and noticed that many of
> them were not having any CVE IDs at the time of writing but later got
> assigned, which are not updated in the plugins.
> I have made a partial list of such scripts and their CVE IDs. I
> think there are many other such scripts that do not have CVE IDs. I
> thought it would be beneficial for all. Is this exercise worth
> carrying out?

This is one of the tasks I've been working on, time permitting.
Unfortunately, it's a tedious process as each change needs to be
reviewed manually. Not only do people make mistakes (e.g., the CVEs you
claim are for delegate_overflow2.nasl are really for ImageMagick), but
even Mitre and Security Focus sometimes do too.

In short, someone's already looking into the omissions / errors, but if
you want to do so too, feel free -- four eyes are better than two.

George
--
theall@tenablesecurity.com
Re: Missing CVE IDs
On Mon, Jul 04, 2005 at 07:54:08PM +0530, Jayesh KS wrote:

> I was just going through some of the plugins and noticed that many of
> them were not having any CVE IDs at the time of writing but later got
> assigned, which are not updated in the plugins.
> I have made a partial list of such scripts and their CVE IDs.

I forgot to mention... I have applied your changes (except for the ones
you list for delegate_overflow2.nasl); they should make their way into
the latest bundle of plugins in an hour or two.

George
--
theall@tenablesecurity.com