[Openvas-devel] [Openvas-plugins] Solaris Local Security Checks

Michael Wiegand michael.wiegand at intevation.de
Wed Nov 19 08:44:01 CET 2008


* Tim Brown [19. Nov 2008]:
> security_note(port:port, data:uname);
> osversion = ssh_cmd(socket:sock, cmd:"uname -r");
> ...
> 
> However, it appears that osversion etc never get populated. 

Odd. Just to clarify:
- Is osversion *never* populated or *not always*?
- Do uname -r etc yield reasonable output on your target system?

> If I reorder the script so that the Solaris checks are carried out
> directly after the initial uname then it works.
> 
> In essence, the later ssh_cmd do not appear to run correctly.

Yes, I'm suspecting this too. I think it has something to do with the
way ssh_func.inc handles connections in ssh_reuse_connection(). There
were some changes in there which seem to cause problem with ssh_cmd
acquiring the shared ssh socket, but I haven't yet been able to pinpoint
the exact issue.

Could you try your tests with an older version of ssh_func.inc, prior to
rev 1226?

I had the issue that gather-package-list.nasl would sometime correctly
report the remote OS, but on the next run wouldn't report anything at
all. This is probably SSH-related as well, did you observe something
similar?

> I did try your patch to libopenvas MIchael, but that didn't seem to
> resolve it.

Well, it didn't resolve it either for me. ;) But since it was obviously
broken, I decided to fix it before we forget the issue.

Regards,

Michael

-- 
Michael Wiegand |  OpenPGP key: D7D049EC  |  http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner



More information about the Openvas-devel mailing list