Hi,
I noticed that 9 plugins seem to be checking the variable paranoia_level:
# grep -R paranoia_level .
./3ctftpsvc_mode_overflow.nasl:if (paranoia_level < 2) exit(0);
./alibaba_overflow.nasl: if ( paranoia_level < 2 ) exit(0);
./at_tftpd_long_filename_overflow.nasl:if (paranoia_level < 2) exit(0);
./ibm_tpmfosd_tftpd_blocksize_dos.nasl: paranoia_level < 2 &&
./listmanager_errormsg_info_disclosure.nasl: paranoia_level < 2 &&
./openssl_overflow_generic_test.nasl:if ( safe_checks() &&
paranoia_level < 2 ) exit(0);
./ssltest.nasl: if ( paranoia_level > 1 )
./tftpd32_filename_overflow.nasl:if (paranoia_level < 2) exit(0);
./tftpd32_format_string.nasl:if ( paranoia_level < 2 ) exit(0);
I believe this is incorrect, as global_settings.inc only defines the
variable report_paranoia:
report_paranoia = 1;
__gs_opt = get_kb_item("global_settings/report_paranoia");
if (__gs_opt)
{
if ("Avoid false alarms" >< __gs_opt) report_paranoia = 0;
else if ("Normal" >< __gs_opt) report_paranoia = 1;
else if ("Paranoid" >< __gs_opt) report_paranoia = 2;
}
paranoia_level does not seem to be defined anywhere, and nearly 400
other plugins check report_paranoia.
This means that currently, none of the NASLs listed above will give the
'paranoid' behaviour, even if the Paranoid option is chosen.
Regards,
--
Hubert Seiwert
Internet Security Specialist, Westpoint Ltd
Albion Wharf, 19 Albion Street, Manchester M1 5LN, United Kingdom
Web: www.westpoint.ltd.uk
Tel: +44-161-2371028
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers
I noticed that 9 plugins seem to be checking the variable paranoia_level:
# grep -R paranoia_level .
./3ctftpsvc_mode_overflow.nasl:if (paranoia_level < 2) exit(0);
./alibaba_overflow.nasl: if ( paranoia_level < 2 ) exit(0);
./at_tftpd_long_filename_overflow.nasl:if (paranoia_level < 2) exit(0);
./ibm_tpmfosd_tftpd_blocksize_dos.nasl: paranoia_level < 2 &&
./listmanager_errormsg_info_disclosure.nasl: paranoia_level < 2 &&
./openssl_overflow_generic_test.nasl:if ( safe_checks() &&
paranoia_level < 2 ) exit(0);
./ssltest.nasl: if ( paranoia_level > 1 )
./tftpd32_filename_overflow.nasl:if (paranoia_level < 2) exit(0);
./tftpd32_format_string.nasl:if ( paranoia_level < 2 ) exit(0);
I believe this is incorrect, as global_settings.inc only defines the
variable report_paranoia:
report_paranoia = 1;
__gs_opt = get_kb_item("global_settings/report_paranoia");
if (__gs_opt)
{
if ("Avoid false alarms" >< __gs_opt) report_paranoia = 0;
else if ("Normal" >< __gs_opt) report_paranoia = 1;
else if ("Paranoid" >< __gs_opt) report_paranoia = 2;
}
paranoia_level does not seem to be defined anywhere, and nearly 400
other plugins check report_paranoia.
This means that currently, none of the NASLs listed above will give the
'paranoid' behaviour, even if the Paranoid option is chosen.
Regards,
--
Hubert Seiwert
Internet Security Specialist, Westpoint Ltd
Albion Wharf, 19 Albion Street, Manchester M1 5LN, United Kingdom
Web: www.westpoint.ltd.uk
Tel: +44-161-2371028
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers