Mailing List Archive: Nessus Script ID: 20862 version 1.11: Contain A Bug?

Nessus Script ID: 20862 version 1.11: Contain A Bug?

nessusd at nemesis316

Nov 27, 2006, 5:50 PM

Post #1 of 6 (3369 views)

Hello All,

Nessus Version: 2.2.7

The scripts that depend on Script ID 20862 version 1.11 (mozilla_org_installed.nasl) do not report vulnerabilities.

If I use Script ID 20862 version 1.9, the scripts that depend on it, report correctly.

Could someone provide insight on the problem?

Thanks,

Paul

Re: Nessus Script ID: 20862 version 1.11: Contain A Bug? [ In reply to ]

theall at tenablesecurity

Nov 27, 2006, 6:08 PM

Post #2 of 6 (3268 views)

On Mon, Nov 27, 2006 at 07:50:24PM -0600, Paul Bellefeuille wrote:

> The scripts that depend on Script ID 20862 version 1.11
> (mozilla_org_installed.nasl) do not report vulnerabilities.
...
> If I use Script ID 20862 version 1.9, the scripts that depend on it,
> report correctly.
...
> Could someone provide insight on the problem?

Is that plugin reporting the version info correctly? What about saving
it in a KB?

George
--
theall@tenablesecurity.com
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers

Re: Nessus Script ID: 20862 version 1.11: Contain A Bug? [ In reply to ]

nessusd at nemesis316

Nov 27, 2006, 9:26 PM

Post #3 of 6 (3280 views)

>>>Is that plugin reporting the version info correctly? What about saving it
>>>in a KB?

Using "display" statements the plugin reports the version correctly from the
registry. However the plugin does not report the file version correctly. In
addition, the only KB item saved is, "Launched/20862=1".

----- Original Message -----
From: Paul Bellefeuille
To: plugins-writers@list.nessus.org
Sent: Monday, November 27, 2006 7:50 PM
Subject: Nessus Script ID: 20862 version 1.11: Contain A Bug?

Hello All,

Nessus Version: 2.2.7

The scripts that depend on Script ID 20862 version 1.11
(mozilla_org_installed.nasl) do not report vulnerabilities.

If I use Script ID 20862 version 1.9, the scripts that depend on it, report
correctly.

Could someone provide insight on the problem?

Thanks,
Paul

_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers

Re: Nessus Script ID: 20862 version 1.11: Contain A Bug? [ In reply to ]

theall at tenablesecurity

Nov 28, 2006, 3:42 AM

Post #4 of 6 (3280 views)

On Mon, Nov 27, 2006 at 11:26:42PM -0600, Paul Bellefeuille wrote:

> Using "display" statements the plugin reports the version correctly from
> the registry. However the plugin does not report the file version
> correctly.

You mean you're displaying the value of 'ver' as taken from the
'CurrentVersion' registry setting, right? Is the plugin also getting the
name of the EXE correctly?

Also, which Mozilla products / versions are involved?

George
--
theall@tenablesecurity.com
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers

Re: Nessus Script ID: 20862 version 1.11: Contain A Bug? [ In reply to ]

nessusd at nemesis316

Nov 28, 2006, 8:13 AM

Post #5 of 6 (3278 views)

>>>You mean you're displaying the value of 'ver' as taken from the
>>>'CurrentVersion' registry setting, right? Is the plugin also getting the
>>>name of the EXE correctly?

Yes

>>>>Also, which Mozilla products / versions are involved?

Firefox version 1.0 PR
Thunderbird version 1.0.5
Firefox version 1.5
Thunderbird version 1.5.02

Below contains some addition information.

>From nessusd.dump:

share: C$
exe2: \Program Files\Mozilla Firefox\firefox.exe
fh: [ 0: 16385, 1: 'cLm' ]
ret: [. wValueLength: 52, dwFileFlagsMask: 63, wType: 0, dwFileOS: 4,
dwFileDateLS: 0, dwStrucVersion: 65536, dwProductVersionLS: 0, Padding1: 0,
dwFileVersionMS: 65544, dwFileFlags: 0, szKey: 'VS_VERSION_INFO',
dwFileDateMS: 0, dwProductVersionMS: 65541, dwFileType: 2, wLength: 856,
dwFileSubtype: 0, dwSignature: -17890115, dwFileVersionLS: 1314073452 ]
children:

Source snipplet:

display("share: ",share,"\n");
display("exe2: ",exe2,"\n");
display("fh: ",fh,"\n");

ver = NULL;
if (!isnull(fh))
{
ret = GetFileVersionEx(handle:fh);
CloseFile(handle:fh);

display("ret: ",ret,"\n");

if (!isnull(ret)) children = ret['Children'];

display("children: ",children,"\n");
if (!isnull(children))
{
varfileinfo = children['VarFileInfo'];
if (!isnull(varfileinfo))

_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers

Re: Nessus Script ID: 20862 version 1.11: Contain A Bug? [ In reply to ]

theall at tenablesecurity

Nov 28, 2006, 8:49 AM

Post #6 of 6 (3291 views)

On Tue, Nov 28, 2006 at 10:13:44AM -0600, Paul Bellefeuille wrote:

> Firefox version 1.0 PR
> Thunderbird version 1.0.5
> Firefox version 1.5
> Thunderbird version 1.5.02

Hmm, I just installed Firefox 1.5 and Thunderbird 1.5.0.2 on a lab
machine and ran the plugin; it reported the versions correctly.

> exe2: \Program Files\Mozilla Firefox\firefox.exe
> fh: [ 0: 16385, 1: 'cLm' ]
> ret: [. wValueLength: 52, dwFileFlagsMask: 63, wType: 0, dwFileOS: 4,
> dwFileDateLS: 0, dwStrucVersion: 65536, dwProductVersionLS: 0, Padding1:
> 0, dwFileVersionMS: 65544, dwFileFlags: 0, szKey: 'VS_VERSION_INFO',
> dwFileDateMS: 0, dwProductVersionMS: 65541, dwFileType: 2, wLength: 856,
> dwFileSubtype: 0, dwSignature: -17890115, dwFileVersionLS: 1314073452 ]
> children:

Now that's different from what I see. Which version of Firefox was this
for? Any chance you could point me to or supply me with the distribution
file used to install it? Or just the exe itself?

George
--
theall@tenablesecurity.com
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers