[Openvas-devel] Solaris Local Security Checks
Michael Wiegand
michael.wiegand at intevation.de
Mon Nov 17 15:12:50 CET 2008
* Tim Brown [ 3. Nov 2008]:
> Whilst the plugins themselves (and solaris.inc) are, I believe, correct, the
> limited testing I have done thus far indicates a problem with
> gather-package-list.nasl which is used to gather the information and set
> knowledge base entries on which these checks depend. I'm going to be very
> busy with work for the next 5 weeks and so I'd invite any of you that have
> access to Solaris boxes to have a play and see if the problems I experienced
> can be resolved.
Good news everyone,

I found the bug in gather-package-list.nasl and was able to retrieve a
package list from a Solaris box. The checks seem to have been executed as
well, but they don't seem to return a message just yet if I'm not
mistaken.

I've attached a KB of the test run in case anyone is interested.

The cause of the bug was the SuSE detection in gather-package-list.nasl;
it evaluated

    ("SUSE"><toupper(ssh_cmd(socket:sock, cmd:"cat /etc/SuSE-release")))

which is always true on most platforms (hint: Try 'cat
/etc/SuSE-release' on a non-SuSE system, uppercase the output of cat and
compare it to "SUSE"). I have commented out the SuSE test for now, it
would be great if someone with access to a SuSE system could write a
more reliable test.

Regards,
Michael
--
Michael Wiegand | OpenPGP key: D7D049EC | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: solaris-kb.txt.bz2
Type: application/octet-stream
Size: 30076 bytes
Desc: not available
Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20081117/bc3b6d74/solaris-kb.txt-0001.obj
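
The false positive described in the message above, reproduced locally as an added example (not code from the post or from OpenVAS): the error text that `cat` emits for a missing file repeats the path, so the uppercased output contains "SUSE" either way. The function names, the local files standing in for the remote command, the assumption that stderr reaches the captured output, and the sample release-file content are all constructed for illustration.

```shell
#!/bin/sh
# Stand-in for the remote command: returns what the caller would capture if
# stderr is merged into the output (assumption about the capture channel).
capture() {
    cat "$1" 2>&1
}

# Logic of the expression quoted in the post: uppercase the captured output
# and look for the substring "SUSE".
flawed_is_suse() {
    out=$(capture "$1" | tr '[:lower:]' '[:upper:]')
    case $out in
        *SUSE*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Stricter variant (hypothetical): require a readable file first, discard
# stderr, and match only the file content, never text that echoes the path.
strict_is_suse() {
    [ -r "$1" ] || return 1
    out=$(cat "$1" 2>/dev/null | tr '[:lower:]' '[:upper:]')
    case $out in
        *SUSE*) return 0 ;;
        *)      return 1 ;;
    esac
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed sample content for a release file, not taken from the post.
    printf 'SUSE Linux Enterprise Server 10 (i586)\nVERSION = 10\n' \
        > "$dir/SuSE-release"
    # Second path does not exist: it models the non-SuSE host.
    for f in "$dir/SuSE-release" "$dir/absent/SuSE-release"; do
        flawed_is_suse "$f" && a=yes || a=no
        strict_is_suse "$f" && b=yes || b=no
        echo "$f flawed=$a strict=$b"
    done
    rm -rf "$dir"
}

demo
```

Only the missing-file case separates the two checks: the flawed one still reports a match there, the strict one does not.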