I'm getting quite a few FPs on our Squid install from the likes of
fedora_2004-338.nasl, etc
They claim a Squid install is vulnerable, but we are running the latest
and I think the RPM version checking is to blame.
It has
if ( rpm_check( reference:"squid-2.5.STABLE5-4.fc2.2", release:"FC2") )
{
security_hole(0);
exit(0);
}
#otherwise vuln
Which I guess means if we are *exactly* running
squid-2.5.STABLE5-4.fc2.2, then we're OK, but as we're running
squid-2.5.STABLE9-1.FC2.2 (rather a lot newer) - we must be vulnerable?
Shouldn't such checks be extracting the version numbers out of the rpm
filenames, and then doing a simple "<" check instead? e.g. like is done
in AV pattern file number checks.
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers
fedora_2004-338.nasl, etc
They claim a Squid install is vulnerable, but we are running the latest
and I think the RPM version checking is to blame.
It has
if ( rpm_check( reference:"squid-2.5.STABLE5-4.fc2.2", release:"FC2") )
{
security_hole(0);
exit(0);
}
#otherwise vuln
Which I guess means if we are *exactly* running
squid-2.5.STABLE5-4.fc2.2, then we're OK, but as we're running
squid-2.5.STABLE9-1.FC2.2 (rather a lot newer) - we must be vulnerable?
Shouldn't such checks be extracting the version numbers out of the rpm
filenames, and then doing a simple "<" check instead? e.g. like is done
in AV pattern file number checks.
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers