Mailing List Archive

backport.inc report_paranoia bug [PATCH]
Hi,

I think there's a bug in backport.inc in relation to the report_paranoia setting.

Backport.inc currently checks the setting in the following way:

In get_backport_banner:

paranoia = get_kb_item("global_settings/report_paranoia");
if ( paranoia == "Paranoid" ) return banner;

Also in get_php_version:

if ( paranoia == "Paranoid" ) return php_version;

So this seems to be testing for an exact match of "Paranoid".

In global_settings.nasl, the paranoia preference is populated as follows:

script_add_preference(name:"Report paranoia", type:"radio", value:"Normal;Avoid false alarms;Paranoid (more false alarms)");

This is reflected in the client nessusrc, and in the KB when the paranoid option is chosen:

1170673365 1 global_settings/report_paranoia=Paranoid (more false alarms)


It seems that this mismatch ( "Paranoid (more false alarms)" != "Paranoid" ) is causing backport.inc to function incorrectly.

When paranoia is set to Paranoid (more false alarms), the backport.inc functions should return the banners unchanged;
however, because the setting is not being checked correctly, it's still returning substituted banners and the plugins are not firing.
The user gets "Normal" paranoia behaviour even though "Paranoid (more false alarms)" was chosen.

I've seen this on several plugins which use the backport functions, e.g. 14748, 12239, 12255, 11507 etc.

Using a patched backport.inc (see attachment), all of these plugins fire as expected when paranoia is set to high.

The patch modifies backport.inc to check report_paranoia in the same way most plugins do it - include global_settings.inc and then check the global var report_paranoia, rather than checking the string stored in the KB.


Regards,

--
Hubert Seiwert

Internet Security Specialist, Westpoint Ltd
Albion Wharf, 19 Albion Street, Manchester M1 5LN, United Kingdom

Web: www.westpoint.ltd.uk
Tel: +44-161-2371028
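
The mismatch reported above can be caught mechanically. The following is an added example, not part of the original post or of Nessus: a small regex-based check (not a NASL parser) that flags equality tests on a KB-backed radio preference whose literal is not one of the declared options. The function names are hypothetical and the sample input is constructed from the lines quoted in the post.

```python
import re

# Constructed sample input: the lines quoted in the post above.
PREF_DECL = ('script_add_preference(name:"Report paranoia", type:"radio", '
             'value:"Normal;Avoid false alarms;Paranoid (more false alarms)");')
CONSUMER_SRC = '''paranoia = get_kb_item("global_settings/report_paranoia");
if ( paranoia == "Paranoid" ) return banner;
if ( paranoia == "Paranoid" ) return php_version;
'''
KB_KEY = "global_settings/report_paranoia"

def radio_options(decl):
    """Option labels of a radio preference: the only strings the KB item can hold."""
    m = re.search(r'type:"radio",\s*value:"([^"]*)"', decl)
    return m.group(1).split(";") if m else []

def kb_vars(src, kb_key):
    """Names of variables assigned directly from get_kb_item(kb_key)."""
    pat = r'(\w+)\s*=\s*get_kb_item\(\s*"' + re.escape(kb_key) + r'"\s*\)'
    return set(re.findall(pat, src))

def dead_comparisons(src, kb_key, options):
    """Find `var == "literal"` tests where var holds the KB value and the
    literal is not a declared option, so the test can never be true."""
    names = kb_vars(src, kb_key)
    findings = []
    for lineno, line in enumerate(src.splitlines(), 1):
        for var, lit in re.findall(r'(\w+)\s*==\s*"([^"]*)"', line):
            if var in names and lit not in options:
                # Declared options the literal is a prefix of: the likely intent.
                near = [o for o in options if o.startswith(lit)]
                findings.append((lineno, lit, near))
    return findings

if __name__ == "__main__":
    opts = radio_options(PREF_DECL)
    for lineno, lit, near in dead_comparisons(CONSUMER_SRC, KB_KEY, opts):
        print(f'line {lineno}: == "{lit}" never matches; declared option(s): {near}')
```
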
Re: backport.inc report_paranoia bug [PATCH]
On Feb 5, 2007, at 7:07 PM, Hubert Seiwert wrote:

> Hi,
>
> I think there's a bug in backport.inc in relation to the
> report_paranoia setting.


You're correct. This has been fixed, thank you.


-- Renaud
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers