[Openvas-devel] Multiple? issuesin secpod_oxid_eshop_priv_escalation_vuln.nasl

Chandrashekhar B bchandra at secpod.com
Fri Sep 18 06:44:26 CEST 2009


Thanks Micha!

Chandra.

-----Original Message-----
From: openvas-devel-bounces at wald.intevation.org
[mailto:openvas-devel-bounces at wald.intevation.org] On Behalf Of Michael
Meyer
Sent: Thursday, September 17, 2009 8:04 PM
To: openvas-devel at wald.intevation.org
Subject: Re: [Openvas-devel] Multiple? issuesin
secpod_oxid_eshop_priv_escalation_vuln.nasl

Hi Thomas,

*** Thomas Reinke <lists at securityspace.com> wrote:

> This test is tripping false on every system we run it against that
> has a web server, presumably because of the security_note that
> displays the version without checking if eship was installed.

I have fixed that yesterday by removing

"security_note(data:"VERSION:"+eshopVer);".

Fixed version is available via openvas-nvt-sync.

> Also, I'm not sure if the line
> 
>     if(eshopVer[1] = "^4\.")
> 
> is doing what was intended.

No. ;) 

I have overlooked this yesterday. IMO this should be

"if(eshopVer[1] =~ "^4\.")".

I have fixed that and the fixed version is now available via svn.

Micha
_______________________________________________
Openvas-devel mailing list
Openvas-devel at wald.intevation.org
http://lists.wald.intevation.org/mailman/listinfo/openvas-devel



More information about the Openvas-devel mailing list