That is the case here as well. The list rpm check displays all of the installed
packages, and the ones that are being reported as vulnerable do not appear in
the list. Also, we have ran every conceivable combination of up2date and came
to the obvious conclusion that the boxes are fully patched.Subject: RE:
Possible False Positives Scanning 64 bit Red Hat SystemsDate: Thu, 21 Jun 2007
11:06:41 -0700From: JScherff@24hourfit.comTo: ebk_lists@hotmail.com;
nessus@list.nessus.org
This is happening to us
as well, and I'm a direct-feed customer. I just sent Renaud a message
about this. If someone from Tenable support will send me a PGP key, I'll
send the NBE file and HTML report.
Nice thing about this
particular scan: one of the plugins lists all the installed packages, so the
proof that all 18 findings (in this case) are false-positives is in the report
itself.
John Scherff
24 Hour
Fitness
From: nessus-bounces@list.nessus.org
[mailto:nessus-bounces@list.nessus.org] On Behalf Of Joe
CrabshackSent: Thursday, June 21, 2007 8:00 AMTo:
nessus@list.nessus.orgSubject: Possible False Positives Scanning 64
bit Red Hat Systems
I have googled and searched the list, and
haven't found anything related to what I am seeing. I am scanning some 64 Bit
Red Hat boxes, and they are coming up with a number of False Positive
vulnerabilities. I scanned one of these machines a few weeks ago, and didn't
notice this problem. I'm on the 14 day delay, and I just updated
yesterday.One of the many plugins that are coming back vulnerable is
18441. Looking at the code, it appears that this check is looking for the
following:dbus-0.22-12.EL.2dbus-devel-0.22-12.EL.2dbus-glib-0.22-12.EL.2dbus-python-0.22-12.EL.2dbus-x11-0.22-12.EL.2But
when I look on the affected system, these packages do not appear to be
present:[me@thebox ~]$ rpm -qa --qf
'%{NAME}-%{VERSION}-%{RELEASE}|%{EPOCH}\n' | grep
dbusdbus-devel-0.22-12.EL.9|(none)dbus-0.22-12.EL.9|(none)dbus-0.22-12.EL.9|(none)dbus-x11-0.22-12.EL.9|(none)dbus-python-0.22-12.EL.9|(none)dbus-glib-0.22-12.EL.9|(none)dbus-glib-0.22-12.EL.9|(none)Another
example, # 19390. This check is looking
for:irb-1.8.1-7.EL4.1ruby-1.8.1-7.EL4.1ruby-devel-1.8.1-7.EL4.1ruby-docs-1.8.1-7.EL4.1ruby-libs-1.8.1-7.EL4.1ruby-mode-1.8.1-7.EL4.1ruby-tcltk-1.8.1-7.EL4.1On
my machine:[me@thebox ~]$ rpm -qa --qf
'%{NAME}-%{VERSION}-%{RELEASE}|%{EPOCH}\n' | grep
rubyruby-libs-1.8.1-7.EL4.8|(none)[me@thebox ~]$ rpm -qa --qf
'%{NAME}-%{VERSION}-%{RELEASE}|%{EPOCH}\n' | grep irb[me@thebox
~]$Other information from the machine being scanned:cat
/etc/redhat-release = Red Hat Enterprise Linux AS release 4 (Nahant Update
5)uname -m = x86_64uname -a = Linux thebox.somewhere.net
2.6.9-55.ELsmp #1 SMP Fri Apr 20 16:36:54 EDT 2007 x86_64 x86_64 x86_64
GNU/LinuxScanner Host:nessus (Nessus) 3.0.5 for
Linux2.6.9-55.ELsmp #1 SMP Fri Apr 20 17:03:35 EDT 2007 i686 i686 i386
GNU/LinuxRed Hat Enterprise Linux WS release 4 (Nahant Update
5)This is my first post to the list, so if you need more info, please
let me know.Thanks.
Live Earth is coming. Learn more about the hottest summer event - only
on MSN. Check it out!
_________________________________________________________________
Play free games, earn tickets, get cool prizes! Join Live Search Club.
http://club.live.com/home.aspx?icid=CLUB_wlmailtextlink_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
