[Openvas-devel] Need help with Concurrent Checks Bug

Felix Wolfsteller felix.wolfsteller at intevation.de
Tue Apr 14 13:26:17 CEST 2009


Some evidence for Chandra's guess that it might have something to do with 
variable naming:
Make tests as described below, then apply the attached patch against 
secpod_ms08-071.nasl in the server's plugin dir, restart the server and redrive 
the tests.

-- felix

On Tuesday 14 April 2009 13:06:59 Felix Wolfsteller wrote:
> I found a rather small setup that might allow inspections:
>
> Setup: openvas-server on Debian, target is a Win XP machine (w/SP2 I
> think).
>
> Dependency at runtime enabled, plus following checks (Family, Name, OID):
> * Microsoft Bulletins, SMB Could Allow Remote Code Execution Vulnerability
> (957097), 900057
> * Microsoft Bulletins, Unchecked Buffer in PPTP Implementation Could Enable
> DOS Attacks (Q3298349), 11178
> * Microsoft Bulletins, Unchecked Buffer in XP Redirector (Q810577), 11231
> * Microsoft Bulletins, Vulnerabilities in GDI Could Allow Remote Code
> Execution (956802), 900059
> * Microsoft Bulletins, Windows Kernel Elevation of Privilege Vulnerability
> (954211), 900051
> * Windows, Microsoft Windows NSlookup.exe Remote Code Execution
> Vulnerability, 900108
> * Windows, .NET JIT Compiler Vulnerability, 90010
> * Windows, Windows Vulnerability in Microsoft Jet Database Engine, 90024
>
> On this setup reports from scans with concurrent checks == 1 and ==2 differ
> quite consequently.
>
> hth
> felix
>
> On Tuesday 07 April 2009 12:32:17 Felix Wolfsteller wrote:
> > Time has come to get rid of the concurrent checks problem.
> >
> > Some bug prevents checks from resulting in a deterministic report if
> > "Checks to perform concurrently" is set != 1.
> >
> > The proposed solution (set "Checks to perform concurrently" != 1) is a
> > workaround at best.
> >
> > Therefore it is now time to find and eliminate this bug. I am calling for
> > help.
> >
> > The main bug report is
> > http://bugs.openvas/779
> > but I feel that http://bugs.openvas/788 and http://bugs.openvas/886 might
> > be connected to it.
> >
> > It seems that the bug appears only when local checks are employed.
> >
> > Any help (logs, openvasrcs, tons of lines of code, words of
> > encouragement, insights) would be greatly appreciated.
> >
> > felix


-- 
Felix Wolfsteller |  ++49-541-335 08 3451  |  http://www.intevation.de/
PGP Key: 39DE0100
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: secpod_ms08-071.patch
Type: text/x-diff
Size: 658 bytes
Desc: not available
Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090414/86abd1d3/secpod_ms08-071.bin

