[Openvas-devel] Need help with Concurrent Checks Bug

Felix Wolfsteller felix.wolfsteller at intevation.de
Tue Apr 14 13:06:59 CEST 2009


I found a rather small setup that might allow inspections:

Setup: openvas-server on debian, target is a win xp machine (w/sp2 i think).

Dependency at runtime enabled, plus following checks (Family, Name, OID):
* Microsoft Bulletins, SMB Could Allow Remote Code Execution Vulnerability 
(957097), 900057
* Microsoft Bulletins, Unchecked Buffer in PPTP Implementation Could Enable 
DOS Attacks (Q3298349), 11178
* Microsoft Bulletins, Unchecked Buffer in XP Redirector (Q810577), 11231
*  Microsoft Bulletins, Vulnerabilities in GDI Could Allow Remote Code 
Execution (956802), 900059
*  Microsoft Bulletins, Windows Kernel Elevation of Privilege Vulnerability 
(954211), 900051
*  Windows, Microsoft Windows NSlookup.exe Remote Code Execution 
Vulnerability, 900108
* . Windows, .NET JIT Compiler Vulnerability, 90010
*  Windows, Windows Vulnerability in Microsoft Jet Database Engine, 90024

On this setup reports from scans with concurrent checks == 1 and ==2 differ 
quite consequently.

hth
felix


On Tuesday 07 April 2009 12:32:17 Felix Wolfsteller wrote:
> Time has come to get rid of the concurrent checks problem.
>
> Some bug prevents checks to result in a deterministic report if "Checks to
> perform concurrently" is set != 1.
>
> The proposed solution (set "Checks to perform concurrently" != 1) is a
> workaround at best.
>
> Therefore it is now time to find and eliminate this bug. I am calling for
> help.
>
> The main bug report is
> http://bugs.openvas/779
> but I feel that http://bugs.openvas/788 and http://bugs.openvas/886 might
> be connected to it.
>
> It seems that the bug appears only when local checks are employed.
>
> Any help (logs, openvasrcs, tons of lines of code, words of encouragement,
> insights) would be greatly appreciated.
>
> felix


-- 
Felix Wolfsteller |  ++49-541-335 08 3451  |  http://www.intevation.de/
PGP Key: 39DE0100
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner


More information about the Openvas-devel mailing list