[Openvas-devel] Multiple? issues in secpod_oxid_eshop_priv_escalation_vuln.nasl

Michael Meyer mime at gmx.de
Thu Sep 17 16:34:09 CEST 2009


Hi Thomas,

*** Thomas Reinke <lists at securityspace.com> wrote:

> This test is tripping false on every system we run it against that
> has a web server, presumably because of the security_note that
> displays the version without checking if eship was installed.

I have fixed that yesterday by removing

"security_note(data:"VERSION:"+eshopVer);".

Fixed version is available via openvas-nvt-sync.

> Also, I'm not sure if the line
> 
>     if(eshopVer[1] = "^4\.")
> 
> is doing what was intended.

No. ;) 

I have overlooked this yesterday. IMO this should be

"if(eshopVer[1] =~ "^4\.")".

I have fixed that and the fixed version is now available via svn.

Micha


More information about the Openvas-devel mailing list