From michael.wiegand at intevation.de Mon May 4 15:02:24 2009
From: michael.wiegand at intevation.de (Michael Wiegand)
Date: Mon, 4 May 2009 15:02:24 +0200
Subject: [Openvas-plugins] Fwd: [OVAL-DEVELOPER-LIST] Version 5.6 Release Timeline
Message-ID: <20090504130224.GJ8829@intevation.de>

Hello,

For those of you who are already subscribed to oval-developer, sorry for the repost. For everyone else: if you have an idea for OVAL or ovaldi that could improve OVAL support in OpenVAS, now is a very good time to tell the OVAL folks about it.

Regards,

Michael

----- Forwarded message from "Baker, Jon" -----

From: "Baker, Jon"
To: OVAL-DEVELOPER-LIST at LISTS.MITRE.ORG
Date: Thu, 30 Apr 2009 21:14:37 -0400
Subject: [OVAL-DEVELOPER-LIST] Version 5.6 Release Timeline

It is time to begin the version 5.6 release process. I would like to propose the following timeline for the release:

- DRAFT May 14 (First draft published)
- RELEASE CANDIDATE July 17
- OFFICIAL August 14

There is currently a running list of issues slated for version 5.6 on the version 5.6 web page (http://oval.mitre.org/language/download/schema/version5.6/index.html). Other issues and feature requests will be posted on this page as we work through the release. It is expected that any outstanding new test requests and new component schema requests will be integrated into this release.

This timeline should fit well with the SCAP Validation Program lifecycle and work to ensure that we have a release in good shape for the 1 September 2009 deadline. The suggested timeline will allow for this and give us plenty of time to produce a high quality release that could be included in SCAP in September.

As many of you know we have conducted a review, clean up, and clarification of our release process. Those activities were completed a few weeks ago and the resulting documentation is now available on the oval web site (http://oval.mitre.org/language/about/index.html).
Please let us know if you have any questions, comments, or concerns about this timeline. Of course, if you have specific items you would like to see in this release please don't be shy.

Thanks,

Jon

============================================
Jonathan O. Baker
G022 - IA Industry Collaboration
The MITRE Corporation
Email: bakerj at mitre.org

----- End forwarded message -----

-- 
Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de
Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://lists.wald.intevation.org/pipermail/openvas-plugins/attachments/20090504/8fc7e0a8/attachment.pgp

From jfs at computer.org Sun May 10 11:38:36 2009
From: jfs at computer.org (Javier Fernández-Sanguino Peña)
Date: Sun, 10 May 2009 11:38:36 +0200
Subject: [Openvas-plugins] [Openvas-distro-deb] openvas-plugins Debian Package
In-Reply-To: <20090421064503.GA18319@intevation.de>
References: <20090420123229.GD12465@intevation.de> <200904201531.10736.waja@cyconet.org> <20090420134809.GF12465@intevation.de> <200904201711.41015.waja@cyconet.org> <20090421064503.GA18319@intevation.de>
Message-ID: <20090510093836.GA28012@javifsp.no-ip.org>

On Tue, Apr 21, 2009 at 08:45:04AM +0200, Michael Wiegand wrote:
> * Jan Wagner [20. Apr 2009]:
> > > What do I need to do to make the buildds love openvas-server again?
> >
> > I did all the needed steps. :)
>
> Thank you! :)
>
> > > > and openvas-plugins aren't in Debian et al.
> > >
> > > What would be your suggestion for getting it into Debian? Strip out all
> > > offending plugins or strip all non-C plugins?
> >
> > Hmm .... I would suggest to drop all non-dfsg plugins and then let the users
> > decide, if/what/when they update the plugins from your feed.
I guess there is
> > fancy script, which can do that. :)
>
> Using Javier's audit script, there are only two non-free plugins
> remaining. Is this a complete list or are there other scripts Debian
> might object to?
>
> The two scripts are:
> apache_username.nasl
> smb_hotfixes.inc
>
> Both are (C) Tenable without any licensing information.

I already mentioned (January 2009) that those two should be removed. It seems they were readded recently:

svn log apache_username.nasl:
------------------------------------------------------------------------
r3165 | mwiegand | 2009-04-23 09:18:25 +0200 (jue 23 de abr de 2009) | 3 lines

* scripts/apache_username.nasl: Added note regarding license to make it clear that this script was indeed released under the GPL.
------------------------------------------------------------------------

> smb_hotfixes.inc is included by eight other plugins:

I suggested smb_hotfixes.inc was removed from the plugins package back in January. It was then since added (again?) to the OpenVAS plugins:

svn log smb_hotfixes.inc
-----------------------------------------------------------
r3166 | mwiegand | 2009-04-23 09:19:23 +0200 ( 23 de abr de 2009) | 3 lines

* scripts/smb_hotfixes.inc: Added note regarding license to make it clear that this script was indeed released under the GPL.
-----------------------------------------------------------

However, the header is not a proper "GPL header" and that's why the audit scripts still complain about it. In order to have these comply the header should be amended to be a "proper" GPL

> AFAICT, smb_hotfixes.inc was not part of the Nessus GPL Feed, can anyone
> clarify where it came from? I'm not sure if the functionality provided
> by smb_hotfixes.inc is really needed and how much work this would be.
> I'm crossposting this to openvas-plugins in hope of some answers.

It seems it might have been part of the GPL feed at some point. I, however, think this might be a mistake from Tenable.
However, in one of our discussions (in July 2008 @ openvas-devel:

---------------------------------------------------------------------------
From: "Chandrashekhar B"
To:
Message-ID: <007901c8f15d$1cdb0f30$0201a8c0 at mahesh>

(...)
Tenable raised concern for smb_hotfixes.nasl and smb_hotfixes.inc when we published in our website but, didn't raise for smb_nt.inc.

Chandra.
---------------------------------------------------------------------------

As said before, this should be clarified with Tenable.

> I would not mind removing smb_hotfixes.inc and dependent plugins from
> the Debian package if the damage is (as it seems) minimal.

I suggest these should be removed, Tenable should be contacted and, if they agree, they should be included again.

Regards

Javier
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.wald.intevation.org/pipermail/openvas-plugins/attachments/20090510/79462439/attachment.pgp

From goran.licina at lss.hr Mon May 11 15:43:10 2009
From: goran.licina at lss.hr (Goran Ličina)
Date: Mon, 11 May 2009 15:43:10 +0200
Subject: [Openvas-plugins] OS fingerprint plugin
Message-ID: <8A02A3DF683DEE42BE73187F4CA4444C085C74@vlasta.lss-net.lss.hr>

Hello,

we finally finished OS fingerprint plugin (in attachment). It is based on ICMP OS fingerprinting as described by Ofir Arkin and Fyodor Yarochkin in Phrack #57 (similar to xprobe2).

Also, during development, we had following issues caused by OpenVAS NASL interpreter:

1. Function this_host() returned value 127.0.0.1 instead of external IP address on certain configuration (up to date Debian Lenny machine with all newest OpenVAS plugins from apt.intevation.de repository). On the same machine function returned correct values when using Nessus NASL interpreter. Any ideas why this happens?

2.
Function get_ip_element() returned wrong results when extracting IP_ID value from received ICMP packet. Example:

get_ip_element(element : "ip_id", ip : ret);

Perhaps, if IP_ID value of received packet was 0xAABB (as seen by packet sniffers tcpdump and tshark), function returned value 0xBBAA (flipped bytes). We evaded this error by using symmetric number (0xBABA).

We are not sure whether our plugin should be put in Service Detection or General plugin family (or some other?). Plugin family is set to General in this version. Please tell us if we should change this.

Also we would like you to warn us if there are any mistakes in plugin code or you have suggestions how to improve it.

Best regards,
Goran Licina

-- 
Laboratory for Systems and Signals
Department of Electronic Systems and Information Processing
Faculty of Electrical Engineering and Computing
University of Zagreb
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.wald.intevation.org/pipermail/openvas-plugins/attachments/20090511/3b2d745d/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: os_fingerprint.nasl
Type: application/octet-stream
Size: 40329 bytes
Desc: os_fingerprint.nasl
Url : http://lists.wald.intevation.org/pipermail/openvas-plugins/attachments/20090511/3b2d745d/os_fingerprint-0001.obj

From michael.wiegand at intevation.de Tue May 12 09:18:44 2009
From: michael.wiegand at intevation.de (Michael Wiegand)
Date: Tue, 12 May 2009 09:18:44 +0200
Subject: [Openvas-plugins] [Openvas-distro-deb] openvas-plugins Debian Package
In-Reply-To: <20090510093836.GA28012@javifsp.no-ip.org>
References: <20090420123229.GD12465@intevation.de> <200904201531.10736.waja@cyconet.org> <20090420134809.GF12465@intevation.de> <200904201711.41015.waja@cyconet.org> <20090421064503.GA18319@intevation.de> <20090510093836.GA28012@javifsp.no-ip.org>
Message-ID: <20090512071844.GC17397@intevation.de>

* Javier Fernández-Sanguino Peña [10.
May 2009]:
> > Both are (C) Tenable without any licensing information.
>
> I already mentioned (January 2009) that those two should be removed. It seems
> they were readded recently:

They were never removed from the SVN repository. I just added the GPL note after we had determined that the two scripts were indeed part of the Tenable GPL tarball.

> However, the header is not a proper "GPL header" and that's why the audit
> scripts still complain about it. In order to have these comply the header
> should be amended to be a "proper" GPL

I have modified the scripts to add a standard GPLv2 header. Is this enough?

> > AFAICT, smb_hotfixes.inc was not part of the Nessus GPL Feed, can anyone
> > clarify where it came from? I'm not sure if the functionality provided
> > by smb_hotfixes.inc is really needed and how much work this would be.
> > I'm crossposting this to openvas-plugins in hope of some answers.
>
> It seems it might have been part of the GPL feed at some point.

The above was a mistake on my part since I failed to check the January 2005 tarball before writing this mail.

> I, however, think this might be a mistake from Tenable.
> (..)
> As said before, this should be clarified with Tenable.
>
> > I would not mind removing smb_hotfixes.inc and dependent plugins from
> > the Debian package if the damage is (as it seems) minimal.
>
> I suggest these should be removed, Tenable should be contacted and, if they
> agree, they should be included again.

I respectfully disagree. I think it would be impractical and downright ridiculous to try to second-guess every plugin that Tenable put in their GPL feed and to ask Tenable if they really, really meant it.

IMHO, the approach you propose would give Tenable an amount of influence in the OpenVAS development process they should not have. Call me a cynic, but I don't think Tenable will fall over themselves to handle questions from the OpenVAS project.
;) What if they suddenly realize that they didn't *really* mean to put a load of other plugins under the GPL, even though they were part of the GPL feed?

I think we have to draw the line here. I propose leaving the plugins in question in the SVN repository. If Tenable insists on the plugins not being GPL, it should be up to them to contact us and to provide a reason how the plugins ended up in the GPL feed.

Again, sorry for making unclear statements in my initial mail.

Regards,

Michael

-- 
Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de
Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://lists.wald.intevation.org/pipermail/openvas-plugins/attachments/20090512/18662858/attachment.pgp

From michael.wiegand at intevation.de Tue May 12 09:32:19 2009
From: michael.wiegand at intevation.de (Michael Wiegand)
Date: Tue, 12 May 2009 09:32:19 +0200
Subject: [Openvas-plugins] OS fingerprint plugin
In-Reply-To: <8A02A3DF683DEE42BE73187F4CA4444C085C74@vlasta.lss-net.lss.hr>
References: <8A02A3DF683DEE42BE73187F4CA4444C085C74@vlasta.lss-net.lss.hr>
Message-ID: <20090512073219.GD17397@intevation.de>

* Goran Ličina [12. May 2009]:
> Also we would like you to warn us if there are any mistakes in plugin
> code or you have suggestions how to improve it.

First of all, thanks a lot for your contribution!

I'm curious, have you thought about supporting the nmap OS fingerprint DB format (e.g. http://nmap.org/svn/nmap-os-db)? IMHO, support for this format would be very useful since the nmap folks seem to be putting a lot of effort into maintaining this data and I would rather leave this task in their hand than burden the OpenVAS plugin developers with trying to keep up with nmap.
Regards,

Michael

-- 
Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de
Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://lists.wald.intevation.org/pipermail/openvas-plugins/attachments/20090512/07a2b55e/attachment.pgp

From javifs at gmail.com Tue May 12 15:44:38 2009
From: javifs at gmail.com (Javier Fernandez-Sanguino)
Date: Tue, 12 May 2009 15:44:38 +0200
Subject: [Openvas-plugins] [Openvas-distro-deb] openvas-plugins Debian Package
In-Reply-To: <20090512071844.GC17397@intevation.de>
References: <20090420123229.GD12465@intevation.de> <200904201531.10736.waja@cyconet.org> <20090420134809.GF12465@intevation.de> <200904201711.41015.waja@cyconet.org> <20090421064503.GA18319@intevation.de> <20090510093836.GA28012@javifsp.no-ip.org> <20090512071844.GC17397@intevation.de>
Message-ID:

2009/5/12 Michael Wiegand :
>> I suggest these should be removed, Tenable should be contacted and, if they
>> agree, they should be included again.
>
> I respectfully disagree. I think it would be impractical and downright
> ridiculous to try to second-guess every plugin that Tenable put in their
> GPL feed and to ask Tenable if they really, really meant it.

I'm not giving any powers to Tenable that they don't have already. They have the (c) after all. In any case, I'm highlighting this plugin because in the openvas-devel mailing list somebody said that they had been approached by Tenable (by Renaud I guess) and were asked to remove them.

> IMHO, the approach you propose would give Tenable an amount of influence
> in the OpenVAS development process they should not have. Call me a
> cynic, but I don't think Tenable will fall over themselves to handle
> questions from the OpenVAS project.
;) What if they suddenly realize
> that they didn't *really* mean to put a load of other plugins under the
> GPL, even though they were part of the GPL feed?

Then you have a copyright issue. If the plugin did not have (in the GPL feed) a proper GPL header Tenable could assert their rights to a different license and claim that they were not actually GPL-licensed but, instead, bundled with GPL software.

If you keep the current situation and some months later, after people have produced plugins based/dependent on this .inc file OpenVAS might need to remove it and remove/rewrite the other plugins. It would be best to clarify this with Tenable before going forward.

IMHO of course

Javier

From jan-oliver.wagner at intevation.de Wed May 13 08:41:16 2009
From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner)
Date: Wed, 13 May 2009 08:41:16 +0200
Subject: [Openvas-plugins] [Openvas-distro-deb] openvas-plugins Debian Package
In-Reply-To:
References: <20090420123229.GD12465@intevation.de> <20090512071844.GC17397@intevation.de>
Message-ID: <200905130841.17187.jan-oliver.wagner@intevation.de>

On Tuesday 12 May 2009 15:44:38 Javier Fernandez-Sanguino wrote:
> 2009/5/12 Michael Wiegand :
> > IMHO, the approach you propose would give Tenable an amount of influence
> > in the OpenVAS development process they should not have. Call me a
> > cynic, but I don't think Tenable will fall over themselves to handle
> > questions from the OpenVAS project. ;) What if they suddenly realize
> > that they didn't *really* mean to put a load of other plugins under the
> > GPL, even though they were part of the GPL feed?
>
> Then you have a copyright issue. If the plugin did not have (in the
> GPL feed) a proper GPL header Tenable could assert their rights to a
> different license and claim that they were not actually GPL-licensed
> but, instead, bundled with GPL software.

there were some explicit announcements by Tenable and the feed was referred to as "GPL Feed".
Not sure how other laws judge this, but in Germany this means a user can safely assume they mean GPL if they say GPL ;-)
If you label a package "GPL" and put something different inside, this isn't really something you can base a law case on.

However, they kept (and probably keep) reading/watching OpenVAS and so far informed us when we were mistaken about license. They gave some clear advice and we considered this during our license clean up phase.

> If you keep the current situation and some months later, after people
> have produced plugins based/dependent on this .inc file OpenVAS might
> need to remove it and remove/rewrite the other plugins. It would be
> best to clarify this with Tenable before going forward.

As Michael said, clarification on single NVTs will lead nowhere! Why should they answer at all? If they don't they can easily block us and we have to rewrite it anyway.

IMHO: So, please just go ahead using the scripts (or depend on them). Should there ever be a wrong assumption (despite our careful analysis), and this can be proven to us, then we rewrite it.

Apart from this, of course I recommend to have us write our own stuff whenever possible. Eventually we get rid of any code copyrighted by Tenable.

Again: Anything in the "GPL Feed" of Tenable we regard as GPL unless a file clearly states a different, proprietary license. We have snapshots of January 2005 some mid of 2006 to check with.

Best

Jan

From michael.wiegand at intevation.de Wed May 13 09:41:10 2009
From: michael.wiegand at intevation.de (Michael Wiegand)
Date: Wed, 13 May 2009 09:41:10 +0200
Subject: [Openvas-plugins] [Openvas-devel] Discontinuing openvas-plugins tarball?
In-Reply-To: <20090423081146.GB11585@intevation.de>
References: <20090423081146.GB11585@intevation.de>
Message-ID: <20090513074110.GF20025@intevation.de>

Hello,

first of all, a big thank you to everyone who has taken part in this discussion. Thanks a lot for your great ideas!
I have tried to condense the discussion into a Change Request. Please take a look at the CR at http://www.openvas.org/openvas-cr-32.html and let me know if I missed or misunderstood anything.

If there are no more issues with the CR, I'd like to start voting on this CR. Please reply to this mail on the list and indicate if you are in favor of this Change Request (+1), don't care (+/-0) or are against it (-1). Thank you!

Feel free to contact me if you have any questions or suggestions.

Regards,

Michael

-- 
Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de
Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://lists.wald.intevation.org/pipermail/openvas-plugins/attachments/20090513/d1aaf567/attachment.pgp

From felix.wolfsteller at intevation.de Wed May 13 09:45:05 2009
From: felix.wolfsteller at intevation.de (Felix Wolfsteller)
Date: Wed, 13 May 2009 09:45:05 +0200
Subject: [Openvas-plugins] [Openvas-devel] Discontinuing openvas-plugins tarball?
In-Reply-To: <20090513074110.GF20025@intevation.de>
References: <20090423081146.GB11585@intevation.de> <20090513074110.GF20025@intevation.de>
Message-ID: <200905130945.05988.felix.wolfsteller@intevation.de>

+1

On Wednesday 13 May 2009 09:41:10 Michael Wiegand wrote:
> Hello,
>
> first of all, a big thank you to everyone who has taken part in this
> discussion. Thanks a lot for your great ideas!
>
> I have tried to condense the discussion into a Change Request. Please
> take a look at the CR at http://www.openvas.org/openvas-cr-32.html and
> let me know if I missed or misunderstood anything.
>
> If there are no more issues with the CR, I'd like to start voting on this
> CR.
Please reply to this mail on the list and indicate if you are in
> favor of this Change Request (+1), don't care (+/-0) or are against it
> (-1). Thank you!
>
> Feel free to contact me if you have any questions or suggestions.
>
> Regards,
>
> Michael

-- 
Felix Wolfsteller | ++49-541-335 08 3451 | http://www.intevation.de/
PGP Key: 39DE0100
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From jan-oliver.wagner at intevation.de Wed May 13 10:13:52 2009
From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner)
Date: Wed, 13 May 2009 10:13:52 +0200
Subject: [Openvas-plugins] [Openvas-devel] Discontinuing openvas-plugins tarball?
In-Reply-To: <20090513074110.GF20025@intevation.de>
References: <20090423081146.GB11585@intevation.de> <20090513074110.GF20025@intevation.de>
Message-ID: <200905131013.52692.jan-oliver.wagner@intevation.de>

+1

-- 
Dr. Jan-Oliver Wagner | ++49-541-335 08 30 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From bchandra at secpod.com Wed May 13 10:39:38 2009
From: bchandra at secpod.com (Chandrashekhar B)
Date: Wed, 13 May 2009 14:09:38 +0530
Subject: [Openvas-plugins] [Openvas-devel] Discontinuing openvas-pluginstarball?
In-Reply-To: <20090513074110.GF20025@intevation.de>
References: <20090423081146.GB11585@intevation.de> <20090513074110.GF20025@intevation.de>
Message-ID:

+1

Chandra.

-----Original Message-----
From: openvas-plugins-bounces at wald.intevation.org [mailto:openvas-plugins-bounces at wald.intevation.org] On Behalf Of Michael Wiegand
Sent: Wednesday, May 13, 2009 1:11 PM
To: openvas-devel at wald.intevation.org; OpenVAS Discussion List; OpenVAS Plugins List
Subject: Re: [Openvas-plugins] [Openvas-devel] Discontinuing openvas-pluginstarball?
Hello,

first of all, a big thank you to everyone who has taken part in this discussion. Thanks a lot for your great ideas!

I have tried to condense the discussion into a Change Request. Please take a look at the CR at http://www.openvas.org/openvas-cr-32.html and let me know if I missed or misunderstood anything.

If there are no more issues with the CR, I'd like to start voting on this CR. Please reply to this mail on the list and indicate if you are in favor of this Change Request (+1), don't care (+/-0) or are against it (-1). Thank you!

Feel free to contact me if you have any questions or suggestions.

Regards,

Michael

-- 
Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de
Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From waja at cyconet.org Wed May 13 10:40:25 2009
From: waja at cyconet.org (Jan Wagner)
Date: Wed, 13 May 2009 10:40:25 +0200
Subject: [Openvas-plugins] [Openvas-devel] Discontinuing openvas-plugins tarball?
In-Reply-To: <20090513074110.GF20025@intevation.de>
References: <20090423081146.GB11585@intevation.de> <20090513074110.GF20025@intevation.de>
Message-ID: <200905131040.30385.waja@cyconet.org>

openvas-cr-32++^H+1

On Wednesday 13 May 2009, Michael Wiegand wrote:
> I have tried to condense the discussion into a Change Request. Please
> take a look at the CR at http://www.openvas.org/openvas-cr-32.html and
> let me know if I missed or misunderstood anything.

With kind regards, Jan.
-- 
Never write mail to , you have been warned!
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GIT d-- s+: a- C+++ UL++++ P+ L+++ E- W+++ N+++ o++ K++ w--- O M V- PS PE Y++ PGP++ t-- 5 X R tv- b+ DI- D++ G++ e++ h-- r+++ y+++
------END GEEK CODE BLOCK------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://lists.wald.intevation.org/pipermail/openvas-plugins/attachments/20090513/7fc09c33/attachment.pgp

From mime at gmx.de Wed May 13 11:01:42 2009
From: mime at gmx.de (Michael Meyer)
Date: Wed, 13 May 2009 11:01:42 +0200
Subject: [Openvas-plugins] [Openvas-devel] Discontinuing openvas-plugins tarball?
In-Reply-To: <20090513074110.GF20025@intevation.de>
References: <20090423081146.GB11585@intevation.de> <20090513074110.GF20025@intevation.de>
Message-ID: <20090513090142.GA2946@m2.homelinux.org>

*** Michael Wiegand wrote:
> If there are no more issues with the CR, I'd like to start voting on this
> CR. Please reply to this mail on the list and indicate if you are in
> favor of this Change Request (+1), don't care (+/-0) or are against it
> (-1). Thank you!

+1

Micha

From jfs at computer.org Wed May 13 11:21:26 2009
From: jfs at computer.org (Javier Fernandez-Sanguino)
Date: Wed, 13 May 2009 11:21:26 +0200
Subject: [Openvas-plugins] [Openvas-distro-deb] openvas-plugins Debian Package
In-Reply-To: <200905130841.17187.jan-oliver.wagner@intevation.de>
References: <20090420123229.GD12465@intevation.de> <20090512071844.GC17397@intevation.de> <200905130841.17187.jan-oliver.wagner@intevation.de>
Message-ID:

2009/5/13 Jan-Oliver Wagner :
> there were some explicit announcements by Tenable and the feed
> was referred to as "GPL Feed". Not sure how other laws judge this,
> but in Germany this means a user can safely assume they mean GPL
> if they say GPL ;-)
> If you label a package "GPL" and put something different inside, this
> isn't really something you can base a law case on.

Yes you can, that's why the FSF requests developers to put the license in each and every file (header or source) that it might apply to. Actually, there are many cases of software in which this happens: they have a COPYING in the root tree that states 'GPL' but then they have files with headers w/o an explicit license or with different licenses.
The COPYING does not apply to them and (in Debian) we maintainers have to strive to clarify each and every little file

> However, they kept (and probably keep) reading/watching OpenVAS
> and so far informed us when we were mistaken about license.
> They gave some clear advice and we considered this during our license
> clean up phase.

I'm not sure they are reading this list.

> As Michael said, clarification on single NVTs will lead nowhere! Why should
> they answer at all? If they don't they can easily block us and we have to
> rewrite it anyway.

Again, why not give them the opportunity?

Regards

Javier

From goran.licina at lss.hr Wed May 13 13:52:34 2009
From: goran.licina at lss.hr (Goran Ličina)
Date: Wed, 13 May 2009 13:52:34 +0200
Subject: [Openvas-plugins] OS fingerprint plugin
References: <8A02A3DF683DEE42BE73187F4CA4444C085C74@vlasta.lss-net.lss.hr> <20090512073219.GD17397@intevation.de>
Message-ID: <8A02A3DF683DEE42BE73187F4CA4444C085D04@vlasta.lss-net.lss.hr>

> -----Original Message-----
> From: Michael Wiegand [mailto:michael.wiegand at intevation.de]
> Sent: Tuesday, May 12, 2009 9:32 AM
> To: Goran Ličina
> Cc: Openvas-plugins at wald.intevation.org
> Subject: Re: [Openvas-plugins] OS fingerprint plugin
>
> * Goran Ličina [12. May 2009]:
> > Also we would like you to warn us if there are any mistakes in
> > plugin code or you have suggestions how to improve it.
>
> First of all, thanks a lot for your contribution!
>
> I'm curious, have you thought about supporting the nmap OS fingerprint
> DB format (e.g. http://nmap.org/svn/nmap-os-db)?

Our plugin currently doesn't support nmap DB format because it uses only ICMP probes, while nmap mostly uses TCP probes to determine remote OS. However there is a possibility to extend it with new modules to support nmap format, or even better to make new plugin that implements only nmap probes.
Did you plan to integrate completely nmap in OpenVAS in future versions or you suggest that we should make plugin that would use nmap database of fingerprints? Because if you plan to integrate it somehow, there is not much sense in wasting time to implement nmap approach in new plugin.

However, old plugins that use results generated by our plugin (those which have os_fingerprint.nasl as dependency) mostly read results from "Host/OS/ICMP" KB item, so our plugin is necessary for them to work properly.

Another thing, we would like to start working on plugins that detect some newer CVE vulnerabilities. Can you tell us what is the procedure for picking these and where can we see who is working on which vulnerability?

Thanks,
Goran Licina

-- 
Laboratory for Systems and Signals
Department of Electronic Systems and Information Processing
Faculty of Electrical Engineering and Computing
University of Zagreb

From mime at gmx.de Wed May 13 15:53:18 2009
From: mime at gmx.de (Michael Meyer)
Date: Wed, 13 May 2009 15:53:18 +0200
Subject: [Openvas-plugins] OS fingerprint plugin
In-Reply-To: <8A02A3DF683DEE42BE73187F4CA4444C085D04@vlasta.lss-net.lss.hr>
References: <8A02A3DF683DEE42BE73187F4CA4444C085C74@vlasta.lss-net.lss.hr> <20090512073219.GD17397@intevation.de> <8A02A3DF683DEE42BE73187F4CA4444C085D04@vlasta.lss-net.lss.hr>
Message-ID: <20090513135318.GA15361@m2.homelinux.org>

*** Goran Ličina wrote:
> Another thing, we would like to start working on plugins that detect
> some newer CVE vulnerabilities. Can you tell us what is the
> procedure for picking these and where can we see who is working on
> which vulnerability?

As far as I know you can't see it anywhere. For the moment you should perhaps drop a note to openvas-plugins and/or irc which plugins (cve/bid) you plan to develop. You should also "grep" for bid/cve in plugin-dir from svn to check that there does not already exist a plugin for the cve/bid.
IMHO we need some kind of centralized tool where every NASL-Developer can add some information on which cve/bid he is working. Without such a tool, we probably run into problems in the near future.

Micha

From christian.edjenguele at owasp.org Wed May 13 19:08:10 2009
From: christian.edjenguele at owasp.org (Christian Eric Edjenguele)
Date: Wed, 13 May 2009 19:08:10 +0200
Subject: [Openvas-plugins] [Openvas-devel] [Openvas-discuss] Discontinuing openvas-pluginstarball?
In-Reply-To: <20B16ECBB2C348BEAACC23CB8296A63E@geoffPC>
References: <20090423081146.GB11585@intevation.de> <20090513074110.GF20025@intevation.de> <20B16ECBB2C348BEAACC23CB8296A63E@geoffPC>
Message-ID: <4A0AFE7A.8000803@owasp.org>

+1

-- 
Christian Eric Edjenguele
IT Security Software Engineer / IT Enterprise Software Architect
Mobile (IT): +39 3408580513
PGP KeyID: 0xB1654498
Key Server: http://pgp.mit.edu

From bchandra at secpod.com Thu May 14 07:54:21 2009
From: bchandra at secpod.com (Chandrashekhar B)
Date: Thu, 14 May 2009 11:24:21 +0530
Subject: [Openvas-plugins] OS fingerprint plugin
In-Reply-To: <20090513135318.GA15361@m2.homelinux.org>
References: <8A02A3DF683DEE42BE73187F4CA4444C085C74@vlasta.lss-net.lss.hr><20090512073219.GD17397@intevation.de><8A02A3DF683DEE42BE73187F4CA4444C085D04@vlasta.lss-net.lss.hr> <20090513135318.GA15361@m2.homelinux.org>
Message-ID:

-----Original Message-----
From: openvas-plugins-bounces at wald.intevation.org [mailto:openvas-plugins-bounces at wald.intevation.org] On Behalf Of Michael Meyer
Sent: Wednesday, May 13, 2009 7:23 PM
To: openvas-plugins at wald.intevation.org
Subject: Re: [Openvas-plugins] OS fingerprint plugin

*** Goran Ličina wrote:
>> Another thing, we would like to start working on plugins that detect
>> some newer CVE vulnerabilities.
Can you tell us what is the >> procedure for picking these and where can we see who is working on >> which vulnerability? > IMHO we need some kind of centralized tool where every NASL-Developer > can add some information on which cve/bid he is working. Without such > a tool, we probably run into problems in the near future. Yes, I agree, we need a tool. To start with, do we maintain a text file in svn? Chandra. From michael.wiegand at intevation.de Thu May 14 08:59:29 2009 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Thu, 14 May 2009 08:59:29 +0200 Subject: [Openvas-plugins] OS fingerprint plugin In-Reply-To: <8A02A3DF683DEE42BE73187F4CA4444C085D04@vlasta.lss-net.lss.hr> References: <8A02A3DF683DEE42BE73187F4CA4444C085C74@vlasta.lss-net.lss.hr> <20090512073219.GD17397@intevation.de> <8A02A3DF683DEE42BE73187F4CA4444C085D04@vlasta.lss-net.lss.hr> Message-ID: <20090514065929.GF20418@intevation.de> * Goran Li?ina [13. May 2009]: > Did you plan to integrate completely nmap in OpenVAS in future > versions or you suggest that we should make plugin that would use nmap > database of fingerprints? Because if you plan to integrate it somehow, > there is no much sense in wasting time to implement nmap approach in > new plugin. We would like to integrate nmap a lot closer in the future. In fact, this is one of the topics that will be discussed at the OpenVAS DevCon2 in July. One consequence of this might be that we integrate nmap as a library, thus making a lot of nmap functionality available to the NVTs. This would make integrating the nmap OS database trivial, so I guess implementing it in NASL would be a waste of time as you suggest. > However, old plugins that use results generated by our plugin (those > which have os_fingerprint.nasl as dependency) mostly read results from > "Host/OS/ICMP" KB item, so our plugin is necessary for them to work > properly. That sounds good. 
So your NVT will be useful right now; once we integrate nmap, we could migrate the OS detection to nmap. > Another thing, we would like to start working on plugins that detect > some newer CVE vulnerabilities. Can you tell us what is the procedure > for picking these and where can we see who is working on which > vulnerability? As chandra and mime said, not yet, but this is needed. I think it should ultimately be up to the NASL developers to decide what the best coordination platform would be. If you guys want to, I can set up a tracker on wald (http://wald.intevation.org/tracker/?group_id=29) for you. Just let me know what you think would be best. Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabr?ck, Germany | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available Url : http://lists.wald.intevation.org/pipermail/openvas-plugins/attachments/20090514/9f994e44/attachment.pgp From mime at gmx.de Thu May 14 11:57:30 2009 From: mime at gmx.de (Michael Meyer) Date: Thu, 14 May 2009 11:57:30 +0200 Subject: [Openvas-plugins] OS fingerprint plugin In-Reply-To: References: <20090513135318.GA15361@m2.homelinux.org> Message-ID: <20090514095730.GB2888@m2.homelinux.org> *** Chandrashekhar B wrote: > *** Goran Li?ina wrote: > >> Another thing, we would like to start working on plugins that detect > >> some newer CVE vulnerabilities. Can you tell us what is the > >> procedure for picking these and where can we see who is working on > >> which vulnerability? > > > IMHO we need some kind of centralized tool where every NASL-Developer > > can add some information on which cve/bid he is working. Without such > > a tool, we probably run into problems in the near future. > > Yes, I agree, we need a tool. 
To start with, do we maintain a text file in > svn? Yes, for me that's ok. What about a tracker on wald, as Michael suggested? What will you and the other NASL-Developer prefer? Micha From bchandra at secpod.com Thu May 14 13:15:11 2009 From: bchandra at secpod.com (Chandrashekhar B) Date: Thu, 14 May 2009 16:45:11 +0530 Subject: [Openvas-plugins] Current CVE's being implemented Message-ID: <862A5B4AB08140FDB43783C9908E4104@bchandra> Hello, NASL developers undertaking Plugins development, it so happens that the same CVE/BID might be handled by multiple developers. In order to avoid duplicate efforts, it was agreed to maintain the list of CVE/BID's at a central location. I have committed cve_current.txt file to SVN under openvas-plugins. This is to maintain the CVE/BID's or any other ID's for which Plugins are being implemented by NASL developers currently. The file will be updated with the CVE/BID at the time of taking up for implementation and will be deleted once the task is completed and the plugin is committed to SVN. Thanks, Chandra. From jc at lacunae.org Wed May 13 11:08:23 2009 From: jc at lacunae.org (Jonathan Care) Date: Wed, 13 May 2009 10:08:23 +0100 Subject: [Openvas-plugins] [Openvas-discuss] [Openvas-devel] Discontinuing openvas-plugins tarball? In-Reply-To: <20090513090142.GA2946@m2.homelinux.org> References: <20090423081146.GB11585@intevation.de> <20090513074110.GF20025@intevation.de> <20090513090142.GA2946@m2.homelinux.org> Message-ID: <29b38bfb0905130208w50ece509r278108b5992d9713@mail.gmail.com> +1 On 5/13/09, Michael Meyer wrote: > *** Michael Wiegand wrote: >> If there a no more issues with the CR, I'd like to start voting on this >> CR. Please reply to this mail on the list and indicate if you are in >> favor of this Change Request (+1), don't care (+/-0) or are against it >> (-1). Thank you! 
> > +1 > > Micha > _______________________________________________ > Openvas-discuss mailing list > Openvas-discuss at wald.intevation.org > http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss > -- Sent from my mobile device From geoff at galitz.org Wed May 13 10:01:46 2009 From: geoff at galitz.org (Geoff Galitz) Date: Wed, 13 May 2009 10:01:46 +0200 Subject: [Openvas-plugins] [Openvas-discuss] [Openvas-devel] Discontinuing openvas-pluginstarball? In-Reply-To: <20090513074110.GF20025@intevation.de> References: <20090423081146.GB11585@intevation.de> <20090513074110.GF20025@intevation.de> Message-ID: <20B16ECBB2C348BEAACC23CB8296A63E@geoffPC> +1 --------------------------------- Geoff Galitz Blankenheim NRW, Germany http://www.galitz.org/ http://german-way.com/blog/ From d.jagdmann at dn-systems.de Wed May 13 19:07:41 2009 From: d.jagdmann at dn-systems.de (Dirk Jagdmann) Date: Wed, 13 May 2009 10:07:41 -0700 Subject: [Openvas-plugins] [Openvas-discuss] [Openvas-devel] Discontinuing openvas-plugins tarball? In-Reply-To: <20090513074110.GF20025@intevation.de> References: <20090423081146.GB11585@intevation.de> <20090513074110.GF20025@intevation.de> Message-ID: <4A0AFE5D.1050306@dn-systems.de> +1 -- Dirk Jagdmann : Coder Tel. +49-5121-28989-15 -- DN-Systems Enterprise Internet Solutions GmbH Hornemannstr. 11 31137 Hildesheim, Germany Tel. +49-5121-28989-0 Fax. 
+49-5121-28989-11 Handelsregister HRB-3213 Amtsgericht Hildesheim Geschäftsführer: Lukas Grunwald
From bchandra at secpod.com Fri May 15 13:11:02 2009 From: bchandra at secpod.com (Chandrashekhar B) Date: Fri, 15 May 2009 16:41:02 +0530 Subject: [Openvas-plugins] OS fingerprint plugin In-Reply-To: <8A02A3DF683DEE42BE73187F4CA4444C085C74@vlasta.lss-net.lss.hr> References: <8A02A3DF683DEE42BE73187F4CA4444C085C74@vlasta.lss-net.lss.hr> Message-ID: <40D528599FBA40529E7B0696209985B5@bchandra> Hello Goran, ________________________________________ From: openvas-plugins-bounces at wald.intevation.org [mailto:openvas-plugins-bounces at wald.intevation.org] On Behalf Of Goran Licina Sent: Monday, May 11, 2009 7:13 PM To: Openvas-plugins at wald.intevation.org Subject: [Openvas-plugins] OS fingerprint plugin >Hello, >we finally finished OS fingerprint plugin (in attachment). It is based on >ICMP OS fingerprinting as described by Ofir Arkin and Fyodor Yarochkin in >Phrack #57 (similar to xprobe2). I tested this plugin and it doesn't seem to work, it is getting stuck in the send_packet() in a while loop. Likely the filter needs correction, am not sure. But, as you have identified, it works fine with Nessus's nasl interpreter. >Also, during development, we had following issues caused by OpenVAS NASL >interpreter: >1. Function this_host() returned value 127.0.0.1 instead of external IP >address on certain configuration (up to date Debian Lenny machine with all >newest OpenVAS plugins from apt.intevation.de repository). On the same >machine function returned correct values when using Nessus NASL interpreter. >Any ideas why this happens? This is working fine for me. Maybe the system didn't have the IP configured correctly? >2. Function get_ip_element() returned wrong results when extracting IP_ID >value from received ICMP packet. Example: >
get_ip_element(element : "ip_id", ip : ret); >Perhaps, if IP_ID value of received packet was 0xAABB (as seen by packet >sniffers tcpdump and tshark), function returned value 0xBBAA (flipped >bytes). We evaded this error by using symmetric number (0xBABA). >We are not sure whether our plugin should be put in Service Detection or >General plugin family (or some other?). Plugin family is set to General in >this version. Please tell us if we should change this. I prefer it to be under Service Detection. >Also we would like you to warn us if there are any mistakes in plugin code >or you have suggestions how to improve it. Thanks, Chandra. From goran.licina at lss.hr Fri May 15 13:40:14 2009 From: goran.licina at lss.hr (=?iso-8859-2?Q?Goran_Li=E8ina?=) Date: Fri, 15 May 2009 13:40:14 +0200 Subject: [Openvas-plugins] OS fingerprint plugin References: <8A02A3DF683DEE42BE73187F4CA4444C085C74@vlasta.lss-net.lss.hr> <40D528599FBA40529E7B0696209985B5@bchandra> Message-ID: <8A02A3DF683DEE42BE73187F4CA4444C085D96@vlasta.lss-net.lss.hr> > -----Original Message----- > From: Chandrashekhar B [mailto:bchandra at secpod.com] > Sent: Friday, May 15, 2009 1:11 PM > To: Goran Li?ina; Openvas-plugins at wald.intevation.org > Subject: RE: [Openvas-plugins] OS fingerprint plugin > > Hello Goran, > Hi! > ________________________________________ > From: openvas-plugins-bounces at wald.intevation.org > [mailto:openvas-plugins-bounces at wald.intevation.org] On Behalf Of Goran > Licina > Sent: Monday, May 11, 2009 7:13 PM > To: Openvas-plugins at wald.intevation.org > Subject: [Openvas-plugins] OS fingerprint plugin > > >Hello, > > >we finally finished OS fingerprint plugin (in attachment). It is based > on > >ICMP OS fingerprinting as described by Ofir Arkin and Fyodor Yarochkin > in > >Phrack #57 (similar to xprobe2). > > I tested this plugin and it doesn't seem to work, it is getting stuck > in the > send_packet() in a while loop. Likely the filter needs correction, am > not > sure. 
But, as you have identified, it works fine with Nessus's nasl > interpreter. Have you tested it with newest openvas-nasl interpreter? We also had problems with send_packet() function when using older interpreter version because of pcap_timeout bug (http://wald.intevation.org/tracker/?func=detail&atid=220&aid=901&group_id=29). > > >Also, during development, we had following issues caused by OpenVAS > NASL > >interpreter: > > >1. Function this_host() returned value 127.0.0.1 instead of external > IP > >address on certain configuration (up to date Debian Lenny machine with > all > >newest OpenVAS plugins from apt.intevation.de repository). On the same > >machine function returned correct values when using Nessus NASL > intepreter. > >Any ideas why this happens? > > This is working fine for me. May be the system didn't have the IP > configured > correctly? I don't think this is the reason because this_host() function returned correct IP address when using Nessus nasl interpreter on the sam machine. Not sure, maybe it is another bug? As I said this happened only on specified configuration (Debian Lenny + newest packages from apt.intevation.de). Any ideas what should I check in IP configuration of that machine? It is being used on daily basis and everything else is working properly. > > >2. Function get_ip_element() returned wrong results when extracting > IP_ID > >value from received ICMP packet. Example: > > >???? get_ip_element(element : "ip_id", ip : ret); > > >Perhaps, if IP_ID value of received packet was 0xAABB (as seen by > packet > >sniffers tcpdump and tshark), function returned value 0xBBAA (flipped > >bytes). We evaded this error by using symmetric number (0xBABA). > Should we file this as a bug on Tracker? > > >We are not sure whether our plugin should be put in Service Detection > or > >General plugin family (or some other?). Plugin family is set to > General in > >this version. Please tell us if we should change this. 
> > I prefer it to be under Service Detection. I corrected this, plugin is in attachment. > > >Also we would like you to warn us if there are any mistakes in plugin > code > >or you have suggestions how to improve it. > > Thanks, > Chandra. Regards, Goran Licina -- Laboratory for Systems and Signals Department of Electronic Systems and Information Processing Faculty of Electrical Engineering and Computing University of Zagreb -------------- next part -------------- A non-text attachment was scrubbed... Name: os_fingerprint.rar Type: application/octet-stream Size: 5240 bytes Desc: os_fingerprint.rar Url : http://lists.wald.intevation.org/pipermail/openvas-plugins/attachments/20090515/b90cb34a/os_fingerprint.obj From bchandra at secpod.com Fri May 15 15:31:34 2009 From: bchandra at secpod.com (Chandrashekhar B) Date: Fri, 15 May 2009 19:01:34 +0530 Subject: [Openvas-plugins] OS fingerprint plugin In-Reply-To: <8A02A3DF683DEE42BE73187F4CA4444C085D96@vlasta.lss-net.lss.hr> References: <8A02A3DF683DEE42BE73187F4CA4444C085C74@vlasta.lss-net.lss.hr> <40D528599FBA40529E7B0696209985B5@bchandra> <8A02A3DF683DEE42BE73187F4CA4444C085D96@vlasta.lss-net.lss.hr> Message-ID: <038CC66B6A6441FDA44F29032DE7B6C8@bchandra> >Have you tested it with newest openvas-nasl interpreter? We also had >problems with send_packet() function >when using older interpreter version because of pcap_timeout bug >(http://wald.intevation.org/tracker/?func=detail&atid=220&aid=901&group_id= 29). I did with 2.0.1, let me rebuild and test once again. >I don't think this is the reason because this_host() function returned >correct IP address when using >Nessus nasl interpreter on the sam machine. Not sure, maybe it is another >bug? Could be, if it is reproducible on the same system, please file the bug. > > >2. Function get_ip_element() returned wrong results when extracting > IP_ID > >value from received ICMP packet. Example: > > >???? 
get_ip_element(element : "ip_id", ip : ret); > > >Perhaps, if IP_ID value of received packet was 0xAABB (as seen by > packet > >sniffers tcpdump and tshark), function returned value 0xBBAA (flipped > >bytes). We evaded this error by using symmetric number (0xBABA). > >Should we file this as a bug on Tracker? Please file. I saw few other scripts using, they may not be working as well. >I corrected this, plugin is in attachment. Thanks. Chandra. From schandan at secpod.com Mon May 18 11:59:20 2009 From: schandan at secpod.com (chandan) Date: Mon, 18 May 2009 15:29:20 +0530 Subject: [Openvas-plugins] OpenVAS plugin 11808 Question Follow-up In-Reply-To: References: Message-ID: <4A113178.5020000@secpod.com> This issue has been resolved (msrpc_dcom.nasl). Please test and let us if there are any issues. Chandan Message: 2 Date: Fri, 24 Apr 2009 13:26:00 +0000 From: kjordan3 at gmail.com Subject: Re: [Openvas-plugins] OpenVAS plugin 11808 Question Follow-up To: Chandrashekhar B , Jan-Oliver Wagner , openvas-plugins at wald.intevation.org, kjordan3 at gmail.com Message-ID: <00221532c8ac05dec304684cf0a5 at google.com> Content-Type: text/plain; charset="iso-8859-1" Fantastic! Keep me posted and let me know how/if I can lend a hand. -Kevin On Apr 24, 2009 5:40am, Chandrashekhar B wrote: > > We saw the same issue reporting in one of our scan. We'll resolve this. > > > Chandra. > > > -----Original Message----- > > > From: openvas-plugins-bounces at wald.intevation.org > > > [mailto:openvas-plugins-bounces at wald.intevation.org] On Behalf Of > > Jan-Oliver > > > Wagner > > > Sent: Friday, April 24, 2009 2:53 AM > > > To: openvas-plugins at wald.intevation.org > > > Cc: kjordan3 at gmail.com > > > Subject: Re: [Openvas-plugins] OpenVAS plugin 11808 Question Follow-up > > > Hello all, > > > anyone feels like digging into this issue reported by Kevin? 
> > > Best > > > Jan > > > On Thursday 23 April 2009 00:07:35 you wrote: > >> > > I found a response from you on the openvas-plugins mailing list archive >> >> > > regarding this plugin and was hoping to work with you to find the >> > > answer. > >> > > >> >> > > Here is a link to that message: >> >> > > http://marc.info/?l=openvas-plugins&m=121084160209010&w=2 >> >> > > >> >> > > In your response you mentioned a possible explanation. The >> > > msrpc_dcom2.nasl > >> > > script had to be removed from openVAS and thus a dependency for the >> >> > > msrpc_dcom.nasl script is missing. You then stated you might be able to >> >> > > reproduce the problem but didn't have that service running on your XPSP2 >> >> > > system. Here's where I can help. Just this morning while testing OpenVAS >> >> > > for the first time it reported the existence of this vulnerability on a >> >> > > computer I use. However I have verified the patch for the vulnerability >> > > and > >> > > tested that computer with another scanner which reported that the >> > > computer > >> > > is indeed not vulnerable. I can re-create the scenario as needed and >> > > offer > >> > > whatever help to debug or trace the issue. As this particular >> > > vulnerability > >> > > was associated with a widely known worm, I think it is very important >> > > for > >> > > OpenVAS to be accurate. I have an affinity for the efforts on this >> > > project > >> > > and may even lend my security and coding expertise in the future. >> > > -- > > > Dr. Jan-Oliver Wagner | ++49-541-335 08 30 | http://www.intevation.de/ > > > Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B > > 18998 > > > Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. 
Jan-Oliver Wagner > > > _______________________________________________ > > > Openvas-plugins mailing list > > > Openvas-plugins at wald.intevation.org > > > http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.wald.intevation.org/pipermail/openvas-plugins/attachments/20090424/dfd345e3/attachment.html ------------------------------ Message: 3 Date: Fri, 24 Apr 2009 15:22:39 +0000 From: kjordan3 at gmail.com Subject: Re: [Openvas-plugins] OpenVAS plugin 11808 Question Follow-up To: Chandrashekhar B , kjordan3 at gmail.com, Jan-Oliver Wagner , openvas-plugins at wald.intevation.org Message-ID: <000325574d2a2de83b04684e91f2 at google.com> Content-Type: text/plain; charset="iso-8859-1" Ok, It will be later today or maybe Monday, but I will check it and respond. Do you have a specific version for me to check out? Or is it packaged? Kevin On Apr 24, 2009 9:24am, Chandrashekhar B wrote: > > Committed now, please check it and let me know if you still find the > > issue. > > > Chandra. > > > ________________________________________ > > > From: kjordan3 at gmail.com [mailto:kjordan3 at gmail.com] > > > Sent: Friday, April 24, 2009 6:56 PM > > > To: Chandrashekhar B; Jan-Oliver Wagner; > > > openvas-plugins at wald.intevation.org; kjordan3 at gmail.com > > > Subject: Re: RE: [Openvas-plugins] OpenVAS plugin 11808 Question Follow-up > > > Fantastic! Keep me posted and let me know how/if I can lend a hand. > > > -Kevin > > > On Apr 24, 2009 5:40am, Chandrashekhar B bchandra at secpod.com> wrote: > >> > > We saw the same issue reporting in one of our scan. We'll resolve this. >> >> > > >> >> > > >> >> > > >> >> > > Chandra. 
>> >> > > >> >> > > >> >> > > >> >> > > -----Original Message----- >> >> > > >> >> > > From: openvas-plugins-bounces at wald.intevation.org >> >> > > >> >> > > [mailto:openvas-plugins-bounces at wald.intevation.org] On Behalf Of >> > > Jan-Oliver > >> > > >> >> > > Wagner >> >> > > >> >> > > Sent: Friday, April 24, 2009 2:53 AM >> >> > > >> >> > > To: openvas-plugins at wald.intevation.org >> >> > > >> >> > > Cc: kjordan3 at gmail.com >> >> > > >> >> > > Subject: Re: [Openvas-plugins] OpenVAS plugin 11808 Question Follow-up >> >> > > >> >> > > >> >> > > >> >> > > Hello all, >> >> > > >> >> > > >> >> > > >> >> > > anyone feels like digging into this issue reported by Kevin? >> >> > > >> >> > > >> >> > > >> >> > > Best >> >> > > >> >> > > >> >> > > >> >> > > Jan >> >> > > >> >> > > >> >> > > >> >> > > On Thursday 23 April 2009 00:07:35 you wrote: >> >> > > >> >>> > > > I found a response from you on the openvas-plugins mailing list >>> > > archive > >> > > >> >>> > > > regarding this plugin and was hoping to work with you to find the >>> > > answer. > >> > > >> >>> > > > >>> >> > > >> >>> > > > Here is a link to that message: >>> >> > > >> >>> > > > http://marc.info/?l=openvas-plugins&m=121084160209010&w=2 >>> >> > > >> >>> > > > >>> >> > > >> >>> > > > In your response you mentioned a possible explanation. The >>> >> > > >> >> > > msrpc_dcom2.nasl >> >> > > >> >>> > > > script had to be removed from openVAS and thus a dependency for the >>> >> > > >> >>> > > > msrpc_dcom.nasl script is missing. You then stated you might be able >>> > > to > >> > > >> >>> > > > reproduce the problem but didn't have that service running on your >>> > > XPSP2 > >> > > >> >>> > > > system. Here's where I can help. Just this morning while testing >>> > > OpenVAS > >> > > >> >>> > > > for the first time it reported the existence of this vulnerability on >>> > > a > >> > > >> >>> > > > computer I use. 
However I have verified the patch for the >>> > > vulnerability > >> > > >> >> > > and >> >> > > >> >>> > > > tested that computer with another scanner which reported that the >>> > > computer > >> > > >> >>> > > > is indeed not vulnerable. I can re-create the scenario as needed and >>> > > offer > >> > > >> >>> > > > whatever help to debug or trace the issue. As this particular >>> >> > > >> >> > > vulnerability >> >> > > >> >>> > > > was associated with a widely known worm, I think it is very important >>> > > for > >> > > >> >>> > > > OpenVAS to be accurate. I have an affinity for the efforts on this >>> > > project > >> > > >> >>> > > > and may even lend my security and coding expertise in the future. >>> >> > > >> >> > > >> >> > > >> >> > > -- >> >> > > >> >> > > Dr. Jan-Oliver Wagner | ++49-541-335 08 30 | http://www.intevation.de/ >> >> > > >> >> > > Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B >> > > 18998 > >> > > >> >> > > Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner >> >> > > >> >> > > _______________________________________________ >> >> > > >> >> > > Openvas-plugins mailing list >> >> > > >> >> > > Openvas-plugins at wald.intevation.org >> >> > > >> >> > > http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins >> >> > > >> >> > > >> >> > > >> -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.wald.intevation.org/pipermail/openvas-plugins/attachments/20090424/6f4fbba5/attachment-0001.html ------------------------------ _______________________________________________ Openvas-plugins mailing list Openvas-plugins at wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins End of Openvas-plugins Digest, Vol 17, Issue 16 *********************************************** From bchandra at secpod.com Tue May 19 12:02:12 2009 From: bchandra at secpod.com (Chandrashekhar B) Date: Tue, 19 May 2009 15:32:12 +0530 Subject: [Openvas-plugins] OS fingerprint plugin In-Reply-To: <8A02A3DF683DEE42BE73187F4CA4444C085D96@vlasta.lss-net.lss.hr> References: <8A02A3DF683DEE42BE73187F4CA4444C085C74@vlasta.lss-net.lss.hr> <40D528599FBA40529E7B0696209985B5@bchandra> <8A02A3DF683DEE42BE73187F4CA4444C085D96@vlasta.lss-net.lss.hr> Message-ID: Hello Goran, >Have you tested it with newest openvas-nasl interpreter? We also had >problems with send_packet() function >when using older interpreter version because of pcap_timeout bug >(http://wald.intevation.org/tracker/?func=detail&atid=220&aid=901&group_id= >29). I tested and it works fine, am not sure what the difference is. I'll commit the Plugin today. Nice piece of work! Thanks, Chandra. 
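The get_ip_element() report earlier in this thread (an IP_ID seen on the wire as 0xAABB came back as 0xBBAA, and the symmetric value 0xBABA hid the problem) can be reproduced with a small model. This is an added example, not code from the thread or from OpenVAS: the function names are hypothetical, the header bytes are constructed, and the swapped reader only models the reported symptom, not the interpreter's actual code.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IPV4_MIN_HDR 20 /* IPv4 header length without options (RFC 791) */
#define IPV4_ID_OFF   4 /* byte offset of the 16-bit Identification field */

/* Signature shared by both readers so one check can exercise either. */
typedef int (*id_reader)(const uint8_t *pkt, size_t len, uint16_t *id);

/* Reject buffers that cannot hold a complete IPv4 header. */
static int ipv4_header_ok(const uint8_t *pkt, size_t len)
{
    size_t ihl;

    if (pkt == NULL || len < IPV4_MIN_HDR)
        return 0;
    if ((pkt[0] >> 4) != 4)                 /* version nibble must be 4 */
        return 0;
    ihl = (size_t)(pkt[0] & 0x0f) * 4;      /* header length in bytes */
    return ihl >= IPV4_MIN_HDR && ihl <= len;
}

/* Correct read: header fields are big-endian (network byte order). */
int ip_id_network_order(const uint8_t *pkt, size_t len, uint16_t *id)
{
    if (id == NULL || !ipv4_header_ok(pkt, len))
        return -1;
    *id = (uint16_t)((pkt[IPV4_ID_OFF] << 8) | pkt[IPV4_ID_OFF + 1]);
    return 0;
}

/* Model of the reported symptom: the two bytes come back in flipped order. */
int ip_id_swapped(const uint8_t *pkt, size_t len, uint16_t *id)
{
    if (id == NULL || !ipv4_header_ok(pkt, len))
        return -1;
    *id = (uint16_t)((pkt[IPV4_ID_OFF + 1] << 8) | pkt[IPV4_ID_OFF]);
    return 0;
}

/* A probe ID can expose a byte swap only if its two bytes differ. */
int id_reveals_byte_order(uint16_t id)
{
    return (id >> 8) != (id & 0xff);
}

/* Constructed 20-byte header carrying the chosen ID (checksum left zero). */
void build_probe_header(uint8_t hdr[IPV4_MIN_HDR], uint16_t id)
{
    size_t i;

    for (i = 0; i < IPV4_MIN_HDR; i++)
        hdr[i] = 0;
    hdr[0] = 0x45;                          /* version 4, IHL 5 words */
    hdr[3] = IPV4_MIN_HDR;                  /* total length = 20 bytes */
    hdr[IPV4_ID_OFF] = (uint8_t)(id >> 8);  /* high byte goes first on the wire */
    hdr[IPV4_ID_OFF + 1] = (uint8_t)(id & 0xff);
    hdr[8] = 64;                            /* TTL */
    hdr[9] = 1;                             /* protocol: ICMP */
}

/* Returns 1 when the reader hands back exactly the ID that was sent. */
int reader_round_trips(id_reader rd, uint16_t id)
{
    uint8_t hdr[IPV4_MIN_HDR];
    uint16_t got = 0;

    build_probe_header(hdr, id);
    if (rd(hdr, sizeof hdr, &got) != 0)
        return 0;
    return got == id;
}

int main(void)
{
    const uint16_t probes[] = { 0xAABB, 0xBABA };
    size_t i;

    for (i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("id=0x%04X reveals=%d correct=%d swapped=%d\n",
               (unsigned)probes[i],
               id_reveals_byte_order(probes[i]),
               reader_round_trips(ip_id_network_order, probes[i]),
               reader_round_trips(ip_id_swapped, probes[i]));
    return 0;
}
```

A plugin that matches replies by IP_ID keeps working with a symmetric ID, but a regression check for the accessor needs an ID whose two bytes differ.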
From goran.licina at lss.hr Tue May 19 15:09:12 2009 From: goran.licina at lss.hr (=?iso-8859-2?Q?Goran_Li=E8ina?=) Date: Tue, 19 May 2009 15:09:12 +0200 Subject: [Openvas-plugins] OS fingerprint plugin References: <8A02A3DF683DEE42BE73187F4CA4444C085C74@vlasta.lss-net.lss.hr> <40D528599FBA40529E7B0696209985B5@bchandra> <8A02A3DF683DEE42BE73187F4CA4444C085D96@vlasta.lss-net.lss.hr> Message-ID: <8A02A3DF683DEE42BE73187F4CA4444C085E2E@vlasta.lss-net.lss.hr> > -----Original Message----- > From: Chandrashekhar B [mailto:bchandra at secpod.com] > Sent: Tuesday, May 19, 2009 12:02 PM > To: Goran Li?ina; Openvas-plugins at wald.intevation.org > Subject: RE: [Openvas-plugins] OS fingerprint plugin > > Hello Goran, > > > >Have you tested it with newest openvas-nasl interpreter? We also had > >problems with send_packet() function > >when using older interpreter version because of pcap_timeout bug > >(http://wald.intevation.org/tracker/?func=detail&atid=220&aid=901&grou > p_id= > >29). > > I tested and it works fine, am not sure what the difference is. I'll > commit > the Plugin today. Nice piece of work! > Great, thanks. I submitted get_ip_element() bug to Tracker. Regards, Goran Licina -- Laboratory for Systems and Signals Department of Electronic Systems and Information Processing Faculty of Electrical Engineering and Computing University of Zagreb From Merlon at gmx.net Wed May 20 08:21:49 2009 From: Merlon at gmx.net (Merlon@gmx.net) Date: Wed, 20 May 2009 08:21:49 +0200 Subject: [Openvas-plugins] Plugins Patch Message-ID: <20090520062149.191820@gmx.net> Hello Community, Once I got my practical work offer I am involved at OpenVAS. In my special case I have to use OpenVAS a way it was not really intend - to build an webapp around so users are detached from the real OpenVAS. Therefore I have to do some preparatory work like this Script. It will patch the current plugins, to clear older unused stuff inside. 
This is only for the OpenVAS developer team, because if you want to use it, you have to use it after each feed. If someone from OpenVAS executes it once to apply the patch, we will get all those patched and signed plugins with the next feed. If you patch plugins yourself, you have to re-sign the patched plugins. It is work that could have been done in the past, but no one wanted to do it ;) Cheers Markus Schröder -------------- next part -------------- A non-text attachment was scrubbed... Name: correct_plugins Type: application/octet-stream Size: 4318 bytes Desc: not available Url : http://lists.wald.intevation.org/pipermail/openvas-plugins/attachments/20090520/d9810b8b/correct_plugins.obj
From bchandra at secpod.com Wed May 20 08:53:49 2009 From: bchandra at secpod.com (Chandrashekhar B) Date: Wed, 20 May 2009 12:23:49 +0530 Subject: [Openvas-plugins] Voting CR #23 - Script Family standardization Message-ID: <26F2213FD2F44F19BAEAB99FD6404B23@bchandra> Hello All, The following CR, http://www.openvas.org/openvas-cr-23.html has been there for quite some time, think it is time to go for voting. Please vote +1 if we could go for the changes suggested in the CR. Thanks, Chandra.
From Merlon at gmx.net Wed May 20 09:22:30 2009 From: Merlon at gmx.net (Merlon@gmx.net) Date: Wed, 20 May 2009 09:22:30 +0200 Subject: [Openvas-plugins] Voting CR #23 - Script Family standardization Message-ID: <20090520072230.115720@gmx.net> >Hello All, > >The following CR, http://www.openvas.org/openvas-cr-23.html has been there >for quite some time, think it is time to go for voting. Please vote +1 if we >could go for the changes suggested in the CR. > >Thanks, >Chandra.
+1 Markus Schröder
From mime at gmx.de Wed May 20 10:36:38 2009 From: mime at gmx.de (Michael Meyer) Date: Wed, 20 May 2009 10:36:38 +0200 Subject: [Openvas-plugins] [Openvas-discuss] Voting CR #23 - Script Family standardization In-Reply-To: <26F2213FD2F44F19BAEAB99FD6404B23@bchandra> References: <26F2213FD2F44F19BAEAB99FD6404B23@bchandra> Message-ID: <20090520083638.GB2641@m2.homelinux.org> *** Chandrashekhar B wrote: > The following CR, http://www.openvas.org/openvas-cr-23.html has been there > for quite some time, think it is time to go for voting. Please vote +1 if we > could go for the changes suggested in the CR. +1 Micha
From bchandra at secpod.com Wed May 20 15:29:24 2009 From: bchandra at secpod.com (Chandrashekhar B) Date: Wed, 20 May 2009 18:59:24 +0530 Subject: [Openvas-plugins] Updated CR #25 - WMI Implementation Message-ID: <75A85F34A6814A72BAFC0F5D2F7ADB58@bchandra> Hello, I have updated CR #25 - OpenVAS-libnasl: Introducing support for WMI http://www.openvas.org/openvas-cr-25.html Please review and let me know if you have any questions or feedback. I would like to put this for voting if there are no comments or concerns. Thanks, Chandra.
From christian.edjenguele at owasp.org Wed May 20 19:24:37 2009 From: christian.edjenguele at owasp.org (Christian Eric Edjenguele) Date: Wed, 20 May 2009 19:24:37 +0200 Subject: [Openvas-plugins] [Openvas-discuss] Voting CR #23 - Script Family standardization In-Reply-To: <20090520083638.GB2641@m2.homelinux.org> References: <26F2213FD2F44F19BAEAB99FD6404B23@bchandra> <20090520083638.GB2641@m2.homelinux.org> Message-ID: <4A143CD5.10803@owasp.org> +1 -- Christian Eric Edjenguele IT Security Software Engineer / IT Enterprise Software Architect Mobile (IT): +39 3408580513 PGP KeyID: 0xB1654498 Key Server: http://pgp.mit.edu
From michael.wiegand at intevation.de Mon May 25 16:21:43 2009 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Mon, 25 May 2009 16:21:43 +0200 Subject: [Openvas-plugins] Planning final openvas-plugins release Message-ID: <20090525142143.GB10074@intevation.de> Hello, In Change Request #32 (http://www.openvas.org/openvas-cr-32.html) we decided to discontinue the release of openvas-plugins tarball after a final release. In order to make progress with the CR, I would like to do the release soon, preferably this week. If there are no objections I will schedule the release for Thursday, May 28. Plugin developers: Please keep an extra eye on the plugin quality and make sure your plugins work as intended before adding them to the SVN. I would like to do some QA before the release, so if you are planning on adding or modifying plugins on Wednesday or Thursday, please do coordinate your commits with me so we can make the last openvas-plugins release the best ever. :) If you have any question or suggestions, feel free to contact me.
Regards,

Michael

From Merlon at gmx.net Tue May 26 11:44:31 2009
From: Merlon at gmx.net (Merlon@gmx.net)
Date: Tue, 26 May 2009 11:44:31 +0200
Subject: [Openvas-plugins] Patch Update Final Version (without future wishes)
Message-ID: <20090526094431.108780@gmx.net>

Hello again,

Due to some bugs inside my first version, here is the final version for all.

Wish: dependencie -> dependency
Wish: remove francais (and German) part from script_family

In the end it works properly.

Regards
Markus Schröder

-------------- next part --------------
A non-text attachment was scrubbed...
Name: patch_plugins
Type: application/octet-stream
Size: 6102 bytes
Desc: not available
Url : http://lists.wald.intevation.org/pipermail/openvas-plugins/attachments/20090526/7cc6f688/patch_plugins.obj

From Merlon at gmx.net Tue May 26 12:24:23 2009
From: Merlon at gmx.net (Merlon@gmx.net)
Date: Tue, 26 May 2009 12:24:23 +0200
Subject: [Openvas-plugins] Resend Final Patch
Message-ID: <20090526102423.233090@gmx.net>

Due to debugging found in the sent version I will resend it now without and corrected: dependencie -> dependencies

Cheers
Markus Schröder

PS: Delete or replace the old with this one

-------------- next part --------------
A non-text attachment was scrubbed...
Name: patch_plugins
Type: application/octet-stream
Size: 5330 bytes
Desc: not available
Url : http://lists.wald.intevation.org/pipermail/openvas-plugins/attachments/20090526/75ee7b29/patch_plugins.obj

From goran.licina at lss.hr Tue May 26 13:08:39 2009
From: goran.licina at lss.hr (Goran Ličina)
Date: Tue, 26 May 2009 13:08:39 +0200
Subject: [Openvas-plugins] Working on missing dependencies
Message-ID: <8A02A3DF683DEE42BE73187F4CA4444C085F36@vlasta.lss-net.lss.hr>

Hi,

we would like to start working on the following plugins:

www_too_long_url.nasl
cisco_ids_manager_detect.nasl
rsync_modules.nasl

Please, notify us if someone else is working on these.

Also, is it possible to maintain centralized list of missing dependencies somewhere (perhaps on SVN)?

Regards,
Goran Licina

--
Laboratory for Systems and Signals
Department of Electronic Systems and Information Processing
Faculty of Electrical Engineering and Computing
University of Zagreb

From Jan-Oliver.Wagner at greenbone.net Tue May 26 16:38:51 2009
From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner)
Date: Tue, 26 May 2009 16:38:51 +0200
Subject: [Openvas-plugins] Working on missing dependencies
In-Reply-To: <8A02A3DF683DEE42BE73187F4CA4444C085F36@vlasta.lss-net.lss.hr>
References: <8A02A3DF683DEE42BE73187F4CA4444C085F36@vlasta.lss-net.lss.hr>
Message-ID: <200905261638.52762.Jan-Oliver.Wagner@greenbone.net>

Hello Goran,

On Tuesday, 26 May 2009, Goran Ličina wrote:
> we would like to start working on the following plugins:
>
> www_too_long_url.nasl

would resolve 3 unmet dependencies:
myserver_post_dos.nasl
servletExec_DoS.nasl
ws4e_too_long_url.nasl

> cisco_ids_manager_detect.nasl

would resolve 1 unmet dependency:
embedded_web_server_detect.nasl

> rsync_modules.nasl

would resolve 1 unmet dependency:
rsync_path_sanitation_vuln.nasl

> Please, notify us if someone else is working on these.

or in case there are already adequate replacements (with other names) available.

> Also, is it possible to maintain centralized list of missing dependencies somewhere (perhaps on SVN)?

already in place: openvas-plugins/cve_current.txt

Best

Jan

--
Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Managing Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner

From michael.wiegand at intevation.de Wed May 27 15:57:45 2009
From: michael.wiegand at intevation.de (Michael Wiegand)
Date: Wed, 27 May 2009 15:57:45 +0200
Subject: [Openvas-plugins] Working on missing dependencies
In-Reply-To: <8A02A3DF683DEE42BE73187F4CA4444C085F36@vlasta.lss-net.lss.hr>
References: <8A02A3DF683DEE42BE73187F4CA4444C085F36@vlasta.lss-net.lss.hr>
Message-ID: <20090527135744.GD18115@intevation.de>

* Goran Ličina [26. May 2009]:
> Also, is it possible to maintain centralized list of missing dependencies somewhere (perhaps on SVN)?

I've just compiled a new list, see below. I will add it to the SVN shortly.

Before you (or anyone else) start rewriting those missing NVTs, it is important to analyze if the script is really needed or if the functionality is already provided by other scripts.

Keep in mind that script_dependencies does *not* specify a "must-have" relationship with other NVTs. It is more a "nice-to-have, please enable if it exists" type of relationship. An NVT with missing dependencies will still run, but might return less reliable results. An NVT with missing includes will not load at all.

Regards,

Michael

The List:
=========

BEA_weblogic_Reveal_Script_Code.nasl depends on non-existant webmirror.nasl
DDI_IIS_Compromised.nasl depends on non-existant webmirror.nasl
apache_conn_block.nasl depends on non-existant macosx_SecUpd20040126.nasl
apache_conn_block.nasl depends on non-existant macosx_SecUpd20040503.nasl
apache_conn_block.nasl depends on non-existant macosx_SecUpd20041202.nasl
apache_htpasswd_overflow.nasl depends on non-existant macosx_version.nasl
apache_log_injection.nasl depends on non-existant macosx_SecUpd20040126.nasl
apache_log_injection.nasl depends on non-existant macosx_SecUpd20040503.nasl
apache_log_injection.nasl depends on non-existant macosx_SecUpd20041202.nasl
apache_log_injection.nasl depends on non-existant redhat-RHSA-2003-244.nasl
apache_log_injection.nasl depends on non-existant redhat_fixes.nasl
apache_mod_include_priv_escalation.nasl depends on non-existant macosx_SecUpd20041202.nasl
apache_mod_proxy_buff_overflow.nasl depends on non-existant macosx_SecUpd20041202.nasl
apache_mod_proxy_buff_overflow.nasl depends on non-existant mandrake_MDKSA-2004-065.nasl
apache_mod_proxy_buff_overflow.nasl depends on non-existant redhat-RHSA-2004-244.nasl
apcupsd_overflows.nasl depends on non-existant apcnisd_detect.nasl
asp_source_space.nasl depends on non-existant webmirror.nasl
cvs_file_existence_info_weak.nasl depends on non-existant cvs_pserver_heap_overflow.nasl
cvs_malformed_entry_lines_flaw.nasl depends on non-existant cvs_pserver_heap_overflow.nasl
ftpglob.nasl depends on non-existant solaris251_103603.nasl
ftpglob.nasl depends on non-existant solaris251_x86_103604.nasl
ftpglob.nasl depends on non-existant solaris26_106301.nasl
ftpglob.nasl depends on non-existant solaris26_x86_106302.nasl
ftpglob.nasl depends on non-existant solaris7_110646.nasl
ftpglob.nasl depends on non-existant solaris7_x86_110647.nasl
ftpglob.nasl depends on non-existant solaris8_111606.nasl
ftpglob.nasl depends on non-existant solaris8_x86_111607.nasl
hydra_snmp.nasl depends on non-existant snmp_settings.nasl
ibm_server_code.nasl depends on non-existant webmirror.nasl
jrun_getdir.nasl depends on non-existant webmirror.nasl
mailreader.nasl depends on non-existant webmirror.nasl
mod_ssl_hook_functions_format_string_vuln.nasl depends on non-existant mandrake_MDKSA-2004-075.nasl
mod_ssl_hook_functions_format_string_vuln.nasl depends on non-existant redhat-RHSA-2004-408.nasl
msrpc_dcom.nasl depends on non-existant msrpc_dcom2.nasl
mssql_brute_force.nasl depends on non-existant sybase_detect.nasl
myserver_post_dos.nasl depends on non-existant www_too_long_url.nasl
nav_installed.nasl depends on non-existant smb_enum_services.nasl
nfs_user_mount.nasl depends on non-existant showmount.nasl
no404.nasl depends on non-existant webmirror.nasl
openca_mult_sign_flaws.nasl depends on non-existant openca_html_injection.nasl
openca_sign_verif.nasl depends on non-existant openca_html_injection.nasl
openssh_afs.nasl depends on non-existant redhat-RHSA-2002-131.nasl
packeteer_packetshaper_web_dos.nasl depends on non-existant snmp_sysDesc.nasl
photopost_sql_injection.nasl depends on non-existant photopost_detect.nasl
php_mail_func_header_spoof.nasl depends on non-existant redhat-RHSA-2002-214.nasl
php_split_mime.nasl depends on non-existant webmirror.nasl
php_strip_tags_memory_limit_vuln.nasl depends on non-existant redhat-RHSA-2004-392.nasl
php_strip_tags_memory_limit_vuln.nasl depends on non-existant redhat-RHSA-2004-395.nasl
postnuke_news_xss.nasl depends on non-existant postnuke_detect.nasl
putty_arbitrary_command_execution.nasl depends on non-existant putty_version_check.nasl
relative_field_vulnerability.nasl depends on non-existant snmp_sysDesc.nasl
rsync_path_sanitation_vuln.nasl depends on non-existant rsync_modules.nasl
samba_arbitrary_file_access.nasl depends on non-existant smb_nativelanman.nasl
savce_installed.nasl depends on non-existant smb_enum_services.nasl
securenet_sensor_detect.nasl depends on non-existant macosx_version.nasl
sendmail_header.nasl depends on non-existant solaris26_105395.nasl
sendmail_header.nasl depends on non-existant solaris26_x86_105396.nasl
sendmail_header.nasl depends on non-existant solaris7_107684.nasl
sendmail_header.nasl depends on non-existant solaris7_x86_107685.nasl
sendmail_header.nasl depends on non-existant solaris8_110615.nasl
sendmail_header.nasl depends on non-existant solaris8_x86_110616.nasl
sendmail_header.nasl depends on non-existant solaris9_113575.nasl
sendmail_header.nasl depends on non-existant solaris9_x86_114137.nasl
servletExec_DoS.nasl depends on non-existant www_too_long_url.nasl
sophos_installed.nasl depends on non-existant smb_enum_services.nasl
spysweeper_corp_installed.nasl depends on non-existant smb_enum_services.nasl
sql_injection.nasl depends on non-existant webmirror.nasl
sybase_blank_password.nasl depends on non-existant sybase_detect.nasl
sympa_new_list_xss.nasl depends on non-existant sympa_detect.nasl
teso_telnet.nasl depends on non-existant ms_telnet_overflow.nasl
webapp_apage_cmd_exe.nasl depends on non-existant webapp_detect.nasl
ws4e_too_long_url.nasl depends on non-existant www_too_long_url.nasl
xoops_myheader_url_xss.nasl depends on non-existant xoops_detect.nasl
xoops_viewtopic_xss.nasl depends on non-existant xoops_detect.nasl

From goran.licina at lss.hr Wed May 27 16:07:10 2009
From: goran.licina at lss.hr (Goran Ličina)
Date: Wed, 27 May 2009 16:07:10 +0200
Subject: [Openvas-plugins] Working on missing dependencies
References: <8A02A3DF683DEE42BE73187F4CA4444C085F36@vlasta.lss-net.lss.hr> <20090527135744.GD18115@intevation.de>
Message-ID: <8A02A3DF683DEE42BE73187F4CA4444C085F82@vlasta.lss-net.lss.hr>

Hi, Michael!

> I've just compiled a new list, see below. I will add it to the SVN
> shortly.
>

Thanks for the list! It will be very helpful.

> Before you (or anyone else) start rewriting those missing NVTs, it is
> important to analyze if the script is really needed or if the
> functionality is already provided by other scripts.
>
> Keep in mind that script_dependencies does *not* specify a "must-have"
> relationship with other NVTs. It is more a "nice-to-have, please
> enable if it exists" type of relationship. An NVT with missing
> dependencies will still run, but might return less reliable results. An
> NVT with missing includes will not load at all.

Thank you for your tips, we will have that in mind. I guess good practice would be asking on the mailing list before starting work on a missing plugin.

>
> Regards,
>
> Michael
>

Regards,
Goran Licina

From michael.wiegand at intevation.de Thu May 28 09:24:49 2009
From: michael.wiegand at intevation.de (Michael Wiegand)
Date: Thu, 28 May 2009 09:24:49 +0200
Subject: [Openvas-plugins] Working on missing dependencies
In-Reply-To: <8A02A3DF683DEE42BE73187F4CA4444C085F36@vlasta.lss-net.lss.hr>
References: <8A02A3DF683DEE42BE73187F4CA4444C085F36@vlasta.lss-net.lss.hr>
Message-ID: <20090528072449.GD26666@intevation.de>

* Goran Ličina [26. May 2009]:
> Also, is it possible to maintain centralized list of missing dependencies somewhere (perhaps on SVN)?

I have used the list I posted yesterday to generate a few more statistics about missing plugins and committed them to SVN:

* missing-deps.txt: New. Lists which script is missing which dependency.
* missing-deps-per-file.txt: New. Lists the count of missing dependencies per file.
* missing-deps-most-wanted.txt: New. Lists the scripts listed most often as missing dependencies.

I hope these lists are useful to you NASL developers; if you need more information or statistics, please let me know.

Regards,

Michael
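
Added example, not part of the original thread and not the script used to build the lists in SVN: one way to derive the three reports described above from a plugin tree, keeping missing script_dependencies entries (the NVT still runs) apart from missing includes (the NVT does not load). The sample tree is constructed, and treating the singular script_dependencie spelling as an alias is an assumption.

```python
import re
from collections import Counter

# script_dependencies("a.nasl", "b.nasl"); the optional trailing "s" also matches the
# singular spelling mentioned in the thread (treating it as an alias is an assumption).
DEP_CALL = re.compile(r'\bscript_dependencies?\s*\(([^)]*)\)')
INC_CALL = re.compile(r'\binclude\s*\(\s*"([^"]+)"\s*\)')
QUOTED = re.compile(r'"([^"]+)"')

def analyze(tree):
    """tree maps file name -> source text. Returns (missing_deps, missing_incs):
    each maps a .nasl script to the sorted names it references that tree lacks."""
    present, missing_deps, missing_incs = set(tree), {}, {}
    for name in sorted(tree):
        if not name.endswith(".nasl"):
            continue
        # Skip whole-line '#' comments so commented-out calls are not counted.
        src = "\n".join(l for l in tree[name].splitlines()
                        if not l.lstrip().startswith("#"))
        deps = {d for call in DEP_CALL.findall(src) for d in QUOTED.findall(call)}
        incs = set(INC_CALL.findall(src))
        if deps - present:
            missing_deps[name] = sorted(deps - present)   # soft: script still runs
        if incs - present:
            missing_incs[name] = sorted(incs - present)   # hard: script will not load
    return missing_deps, missing_incs

def per_file(missing):
    """(script, count) pairs, most missing references first."""
    return sorted(((s, len(m)) for s, m in missing.items()),
                  key=lambda p: (-p[1], p[0]))

def most_wanted(missing):
    """(missing name, number of scripts that reference it), most wanted first."""
    counts = Counter(name for names in missing.values() for name in names)
    return sorted(counts.items(), key=lambda p: (-p[1], p[0]))

# Constructed sample tree: file bodies are made up, *_example.* names are placeholders.
SAMPLE = {
    "http_func.inc": "",
    "http_version.nasl": 'include("http_func.inc");',
    "myserver_post_dos.nasl": 'include("http_func.inc");\n'
        'script_dependencies("http_version.nasl", "www_too_long_url.nasl");',
    "servletExec_DoS.nasl": 'script_dependencies("www_too_long_url.nasl");',
    "rsync_path_sanitation_vuln.nasl": '# script_dependencies("old_example.nasl");\n'
        'script_dependencie("rsync_modules.nasl");',
    "broken_example.nasl": 'include("absent_example.inc");',
}

if __name__ == "__main__":
    deps, incs = analyze(SAMPLE)
    for script, names in deps.items():
        print("\n".join(f"{script} depends on non-existant {n}" for n in names))
    print("most wanted:", most_wanted(deps), "| will not load:", incs)
```

To run it against a real checkout, build the `tree` mapping by reading every `.nasl`, `.nes` and `.inc` file in the plugin directory into it.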