[Openvas-devel] mailman_password_retrieval.nasl

Peter SJF Bance Minstrel at minstrel.org.uk
Fri Jul 1 16:11:49 CEST 2011


Hi,

[Note that I'm not subscribed to this mailing list - it's the only way I 
can find to report a bug in an OpenVAS plugin without signing up for an 
account on a Web-based service?]

I was surprised to find the above triggered in a test I ran against one 
of my servers today.  It suggests I upgrade to Mailman version 2.1.5 or 
higher, but the server is running version 2.1.13.

I'm not fully conversant with the NASL syntax, but I think this plugin 
has been updated in the original Nessus set - the lines concerned appear 
to be:

=== OpenVAS mailman_password_retrieval.nasl ===

     if (ereg(pattern:"^2\.1(b[2-6]|rc1|\.[1-4])", string:ver)) {
       security_warning(port);
       exit(0);
     }

=== Nessus mailman_password_retrieval.nasl ===

     if (ereg(pattern:"^2\.1(b[2-6]|rc1|\.[1-4]([^0-9]|$))", string:ver)) {
       security_warning(port);
       exit(0);
     }

-- 
Peter SJF Bance
http://www.minstrel.org.uk/



More information about the Openvas-devel mailing list