Hi,
I tried to perform local security checks for a gentoo box where the
machine I was trying to scan was also the host for nessusd. I found
that the find command in the plugin ssh_get_info.nasl failed due to
some quoting problems. Using the patch attacked seems to fix the
problem. I think there is not a problem for local checks where nessusd
is not running on the scanned machine as the ssh_cmd format is
different from the pread command that had the problem.
Martin
--
Dr. M.J. Reed Room: 1NW.5.3G
Dept. Electronic Systems Engineering Tel:+44 (0)1206 872479
University of Essex, Colchester CO4 3SQ, UK FAX:+44 (0)1206 872900
Email mjreed (non Essex users should add @essex.ac.uk)
Web: http://esewww.essex.ac.uk/~mjreed
diff -c /usr/lib/nessus/plugins/ssh_get_info.nasl /tmp/ssh_get_info.nasl
*** /usr/lib/nessus/plugins/ssh_get_info.nasl 2005-02-21 00:01:57.000000000
+0000
--- /tmp/ssh_get_info.nasl 2005-02-21 00:01:19.000000000 +0000
***************
*** 366,375 ****
# 1. app-portage/gentoolkit is not necessarily installed
# 2. and this find is quicker than "qpkg -v -I -nc"
if ( islocalhost() )
! buf = pread(cmd:"find", argv:make_list("find", "/var/db/pkg/",
"-mindepth", "2", "-maxdepth", "2", "-printf", '%P\\n'));
else
buf = ssh_cmd(socket:sock, timeout:60, cmd:'find /var/db/pkg/ -mindepth
2 -maxdepth 2 -printf "%P\\n"');- display("GOT ",buf,"\n");
if (buf)
{
report += '\nLocal security checks have been enabled for this host.';
--- 366,374 ----
# 1. app-portage/gentoolkit is not necessarily installed
# 2. and this find is quicker than "qpkg -v -I -nc"
if ( islocalhost() )
! buf = pread(cmd:"find", argv:make_list("find", "/var/db/pkg/",
"-mindepth", "2", "-maxdepth", "2", "-printf", '"%P\\n"'));
else
buf = ssh_cmd(socket:sock, timeout:60, cmd:'find /var/db/pkg/ -mindepth
2 -maxdepth 2 -printf "%P\\n"'); if (buf)
{
report += '\nLocal security checks have been enabled for this host.';
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
