Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Possible False Positives Scanning 64 bit Red Hat Systems

from [John Scherff] Network Security [Permanent Link]
Subject: RE: Possible False Positives Scanning 64 bit Red Hat Systems
Date: Thu, 21 Jun 2007 11:06:41 -0700 
This is happening to us as well, and I'm a direct-feed customer.  I just
sent Renaud a message about this.  If someone from Tenable support will
send me a PGP key, I'll send the NBE file and HTML report.  
 
Nice thing about this particular scan: one of the plugins lists all the
installed packages, so the proof that all 18 findings (in this case) are
false-positives is in the report itself.
 
John Scherff
24 Hour Fitness


________________________________

        From: nessus-bounces@list.nessus.org
[mailto:nessus-bounces@list.nessus.org] On Behalf Of Joe Crabshack
        Sent: Thursday, June 21, 2007 8:00 AM
        To: nessus@list.nessus.org
        Subject: Possible False Positives Scanning 64 bit Red Hat
Systems
        
        
        I have googled and searched the list, and haven't found anything
related to what I am seeing. I am scanning some 64 Bit Red Hat boxes,
and they are coming up with a number of False Positive vulnerabilities.
I scanned one of these machines a few weeks ago, and didn't notice this
problem. I'm on the 14 day delay, and I just updated yesterday.
        
        One of the many plugins that are coming back vulnerable is
18441. Looking at the code, it appears that this check is looking for
the following:
        
        dbus-0.22-12.EL.2
        dbus-devel-0.22-12.EL.2
        dbus-glib-0.22-12.EL.2
        dbus-python-0.22-12.EL.2
        dbus-x11-0.22-12.EL.2
        
        But when I look on the affected system, these packages do not
appear to be present:
        
        [me@thebox ~]$ rpm -qa --qf
'%{NAME}-%{VERSION}-%{RELEASE}|%{EPOCH}\n' | grep dbus
        dbus-devel-0.22-12.EL.9|(none)
        dbus-0.22-12.EL.9|(none)
        dbus-0.22-12.EL.9|(none)
        dbus-x11-0.22-12.EL.9|(none)
        dbus-python-0.22-12.EL.9|(none)
        dbus-glib-0.22-12.EL.9|(none)
        dbus-glib-0.22-12.EL.9|(none)
        
        Another example, # 19390. This check is looking for:
        
        irb-1.8.1-7.EL4.1
        ruby-1.8.1-7.EL4.1
        ruby-devel-1.8.1-7.EL4.1
        ruby-docs-1.8.1-7.EL4.1
        ruby-libs-1.8.1-7.EL4.1
        ruby-mode-1.8.1-7.EL4.1
        ruby-tcltk-1.8.1-7.EL4.1
        
        On my machine:
        
        [me@thebox ~]$ rpm -qa --qf
'%{NAME}-%{VERSION}-%{RELEASE}|%{EPOCH}\n' | grep ruby
        ruby-libs-1.8.1-7.EL4.8|(none)
        [me@thebox ~]$ rpm -qa --qf
'%{NAME}-%{VERSION}-%{RELEASE}|%{EPOCH}\n' | grep irb
        [me@thebox ~]$
        
        Other information from the machine being scanned:
        
        cat /etc/redhat-release = Red Hat Enterprise Linux AS release 4
(Nahant Update 5)
        uname -m = x86_64
        uname -a = Linux thebox.somewhere.net 2.6.9-55.ELsmp #1 SMP Fri
Apr 20 16:36:54 EDT 2007 x86_64 x86_64 x86_64 GNU/Linux
        
        Scanner Host:
        
        nessus (Nessus) 3.0.5 for Linux
        2.6.9-55.ELsmp #1 SMP Fri Apr 20 17:03:35 EDT 2007 i686 i686
i386 GNU/Linux
        Red Hat Enterprise Linux WS release 4 (Nahant Update 5)
        
        This is my first post to the list, so if you need more info,
please let me know.
        
        Thanks.
        
        
        
        

________________________________

        Live Earth is coming.  Learn more about the hottest summer event
- only on MSN. Check it out!
<http://liveearth.msn.com?source=msntaglineliveearthwlm>  


_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: nessus update to 3.1.4, F. Riphagen
Next by Date:  RE: Possible False Positives Scanning 64 bit Red Hat Systems, Joe Crabshack
Previous by Thread:  Possible False Positives Scanning 64 bit Red Hat Systems, Joe Crabshack
Next by Thread:  RE: Possible False Positives Scanning 64 bit Red Hat Systems, Joe Crabshack
Indexes:  [Date] [Thread] [Top] [All Lists]