[Openvas-plugins] Possible bug in savce_installed.nasl

Alfonso García agarcia at alienvault.com
Wed Dec 11 17:33:40 CET 2013


Hi,

This plugin is not showing the DAT version (the signatures version) of the
Symantec Anti Virus Corportate Edition. In the
function check_signature_version() we have the next code:


 key = soft_path + "Symantec\SharedDefs\";

   if(!registry_key_exists(key:key)){
    return 0;
   }

   items = make_list(
      "DEFWATCH_10",
      "NAVCORP_72",
      "NAVCORP_70",
      "NAVNT_50_AP1"
    );

    foreach item (items)
    {
      value = registry_get_sz(item:item, key:key);
      if(!value)return NULL;

        val = value;
        if (stridx(val, path) == 0)
        {
          val = val - (path+"\");
          if ("." >< val) val = val - strstr(val, ".");
          if (isnull(vers) || int(vers) < int(val)) vers = val;
        }

    }


In my windows machine the values of the key
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs are the next:

Value 0
  Name:            NAVCORP_70
  Type:            REG_SZ
  Data:            C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120314.019

Value 1
  Name:            SRTSP
  Type:            REG_SZ
  Data:            C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120314.019

Value 2
  Name:            SepCache3
  Type:            REG_SZ
  Data:            C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120313.002

Value 3
  Name:            SepCache1
  Type:            REG_SZ
  Data:            C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120314.019

Value 4
  Name:            SepCache2
  Type:            REG_SZ
  Data:            C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120313.020

Value 5
  Name:            DEFWATCH_10
  Type:            REG_SZ
  Data:            C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120314.019


I think with the below foreach the plugin tries to get the highest value
among the items list. But I have only two of those values in the registry.
When one of the items is not in the registry, the function returns NULL,
and the signatures version is not shown.

Let me know if you need something. Best regards.






-- 


Este mensaje y sus anexos pueden contener información confidencial y
están dirigidas
exclusivamente a su destinatario. Si usted ha recibido este mensaje y no es
el destinatario correcto, por favor háganoslo saber
inmediatamente respondiendo a este e-mail y procediendo a su destrucción.
De lo contrario, sea consciente que la utilización, divulgación y / o copia
de cualquier parte del mensaje sin autorización esta vetada por la ley y
sujeta a las sanciones del caso. Las opiniones y puntos de vista expresados
son exclusivamente responsabilidad del autor y no representan
necesariamente los de la empresa.

This message and its attachments may contain confidential information
intended solely for the addressee. If you have received this message and are
 not the correct recipient, please kindly let us know immediately by
replying to this e-mail and proceeding with its destruction. Otherwise, be
aware that the unauthorized use, disclosure or copy of any part of the
message is forbidden by law and subject to penalties. Any views or opinions
are solely those of the author and do not necessarily represent those of
the company.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wald.intevation.org/pipermail/openvas-plugins/attachments/20131211/02162452/attachment.html>


More information about the Openvas-plugins mailing list