[Openvas-plugins] [Openvas-commits] r4091 - in trunk/openvas-plugins: . scripts

[Tim Brown]

Regarding:

+  script_id(800907);
+  script_version("$Revision: 1.0 ");
+  script_cve_id("CVE-2009-2354", "CVE-2009-2355", "CVE-2009-2356");
+  script_bugtraq_id(35606);
+  script_name("NullLogic Groupware Multiple Vulnerabilities (Linux)");
<snip>
+  script_description(desc);
+  script_summary("Check for the Version of NullLogic Groupware");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Intevation GmbH");
+  script_family("Denial of Service");
+  script_dependencies("gb_nulllogic_groupware_detect_lin.nasl");
+  script_require_keys("NullLogic-Groupware/Linux/Ver");
+  script_require_ports("Services/www", 4110);

and the equivalent NVT for Windows.  Is Denial of Service really the right 
family for the checks?  The checks can be performed safely, and two of the 
three outcomes are not DoS related.  Also, why does it depend on local checks 
and keys that this sets?  It's possible to test for this issue purely using 
remote means.  No criticism intended it's just that as the author of the 
original advisory I know these bugs quite well :).

Tim
-- 
Tim Brown
<mailto:timb at nth-dimension.org.uk>
<http://www.nth-dimension.org.uk/>