
RE: Possible False Positives Scanning 64 bit Red Hat Systems

Subject: RE: Possible False Positives Scanning 64 bit Red Hat Systems
Date: Fri, 22 Jun 2007 09:41:21 -0400

This problem has been fixed. Thanks Renaud!! Now, it appears that there is 
another problem. I updated this morning to get the new rpm.inc file, and am now 
re-running the scans I did yesterday. Yesterday, nessus was able to log in to 
all 3 machines that I attempted to scan, and it was able to pull results from 
all 3. This morning, nessus is only able to log into 1 of the 3 machines, and 
is not even getting open port data from the other 2. I have verified that I can 
ping and ssh into these machines, and they are/should be listening on a few 
ports (22 being one of them). The general/tcp tab of the report on the machines 
that are not returning results seems to indicate ping_host.nasl is not running. 
I just found this weird as it was working yesterday.

Again, these are 64 bit Red Hat systems.

Subject: RE: Possible False Positives Scanning 64 bit Red Hat Systems
Date: Thu, 21 Jun 2007 11:06:41 -0700
From: JScherff@24hourfit.com
To: ebk_lists@hotmail.com; nessus@list.nessus.org








This is happening to us as well, and I'm a direct-feed customer.  I just sent Renaud a message about this.  If someone from Tenable support will send me a PGP key, I'll send the NBE file and HTML report.

Nice thing about this particular scan: one of the plugins lists all the installed packages, so the proof that all 18 findings (in this case) are false-positives is in the report itself.

John Scherff
24 Hour Fitness

  
  
  From: nessus-bounces@list.nessus.org [mailto:nessus-bounces@list.nessus.org] On Behalf Of Joe Crabshack
  Sent: Thursday, June 21, 2007 8:00 AM
  To: nessus@list.nessus.org
  Subject: Possible False Positives Scanning 64 bit Red Hat Systems
  
  I have googled and searched the list, and haven't found anything related to what I am seeing. I am scanning some 64 Bit Red Hat boxes, and they are coming up with a number of False Positive vulnerabilities. I scanned one of these machines a few weeks ago, and didn't notice this problem. I'm on the 14 day delay, and I just updated yesterday.

  One of the many plugins that are coming back vulnerable is 18441. Looking at the code, it appears that this check is looking for the following:

    dbus-0.22-12.EL.2
    dbus-devel-0.22-12.EL.2
    dbus-glib-0.22-12.EL.2
    dbus-python-0.22-12.EL.2
    dbus-x11-0.22-12.EL.2

  But when I look on the affected system, these packages do not appear to be present:

    [me@thebox ~]$ rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}|%{EPOCH}\n' | grep dbus
    dbus-devel-0.22-12.EL.9|(none)
    dbus-0.22-12.EL.9|(none)
    dbus-0.22-12.EL.9|(none)
    dbus-x11-0.22-12.EL.9|(none)
    dbus-python-0.22-12.EL.9|(none)
    dbus-glib-0.22-12.EL.9|(none)
    dbus-glib-0.22-12.EL.9|(none)

  Another example, # 19390. This check is looking for:

    irb-1.8.1-7.EL4.1
    ruby-1.8.1-7.EL4.1
    ruby-devel-1.8.1-7.EL4.1
    ruby-docs-1.8.1-7.EL4.1
    ruby-libs-1.8.1-7.EL4.1
    ruby-mode-1.8.1-7.EL4.1
    ruby-tcltk-1.8.1-7.EL4.1

  On my machine:

    [me@thebox ~]$ rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}|%{EPOCH}\n' | grep ruby
    ruby-libs-1.8.1-7.EL4.8|(none)
    [me@thebox ~]$ rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}|%{EPOCH}\n' | grep irb
    [me@thebox ~]$

  Other information from the machine being scanned:

    cat /etc/redhat-release = Red Hat Enterprise Linux AS release 4 (Nahant Update 5)
    uname -m = x86_64
    uname -a = Linux thebox.somewhere.net 2.6.9-55.ELsmp #1 SMP Fri Apr 20 16:36:54 EDT 2007 x86_64 x86_64 x86_64 GNU/Linux

  Scanner Host:

    nessus (Nessus) 3.0.5 for Linux
    2.6.9-55.ELsmp #1 SMP Fri Apr 20 17:03:35 EDT 2007 i686 i686 i386 GNU/Linux
    Red Hat Enterprise Linux WS release 4 (Nahant Update 5)

  This is my first post to the list, so if you need more info, please let me know.

  Thanks.
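
Added example (not part of the thread, and not the code in Nessus's rpm.inc): one way to check findings like these by hand is to compare each package a plugin looks for against what rpm -qa reported, using a simplified re-implementation of RPM's segment-wise version ordering. It assumes the version the plugin looks for is the fixed version with no epoch, omits tilde/caret handling, and the function names are made up for this example.

```python
import re

# Values copied from the post above: what plugins 18441 / 19390 look for
# (treated here as the fixed versions, an assumption) and the rpm -qa output.
DBUS_FIXED = ["dbus-0.22-12.EL.2", "dbus-devel-0.22-12.EL.2", "dbus-glib-0.22-12.EL.2",
              "dbus-python-0.22-12.EL.2", "dbus-x11-0.22-12.EL.2"]
DBUS_INSTALLED = ["dbus-devel-0.22-12.EL.9|(none)", "dbus-0.22-12.EL.9|(none)",
                  "dbus-0.22-12.EL.9|(none)", "dbus-x11-0.22-12.EL.9|(none)",
                  "dbus-python-0.22-12.EL.9|(none)", "dbus-glib-0.22-12.EL.9|(none)",
                  "dbus-glib-0.22-12.EL.9|(none)"]
RUBY_FIXED = ["irb-1.8.1-7.EL4.1", "ruby-1.8.1-7.EL4.1", "ruby-devel-1.8.1-7.EL4.1",
              "ruby-docs-1.8.1-7.EL4.1", "ruby-libs-1.8.1-7.EL4.1",
              "ruby-mode-1.8.1-7.EL4.1", "ruby-tcltk-1.8.1-7.EL4.1"]
RUBY_INSTALLED = ["ruby-libs-1.8.1-7.EL4.8|(none)"]

def rpmvercmp(a, b):
    """Simplified rpmvercmp: compare runs of digits/letters; returns -1, 0 or 1."""
    sa, sb = re.findall(r"\d+|[A-Za-z]+", a), re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)              # numeric runs compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1    # a numeric run outranks an alphabetic one
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra trailing segments win

def evr_cmp(a, b):
    """Compare (epoch, version, release) tuples in RPM order."""
    if a[0] != b[0]:
        return 1 if a[0] > b[0] else -1
    return rpmvercmp(a[1], b[1]) or rpmvercmp(a[2], b[2])

def audit(fixed, installed_lines):
    """Map each package name the plugin looks for to a verdict."""
    installed = {}
    for line in installed_lines:               # format: NAME-VERSION-RELEASE|EPOCH
        nvr, epoch = line.split("|")
        name, ver, rel = nvr.rsplit("-", 2)
        installed.setdefault(name, []).append((0 if epoch == "(none)" else int(epoch), ver, rel))
    result = {}
    for nvr in fixed:
        name, ver, rel = nvr.rsplit("-", 2)
        # A name may be listed more than once, as dbus and dbus-glib are in the
        # post's output; every copy must be at or above the fixed version.
        older = [i for i in installed.get(name, []) if evr_cmp(i, (0, ver, rel)) < 0]
        result[name] = ("not installed" if name not in installed else
                        "below fixed version" if older else "at or above fixed version")
    return result

if __name__ == "__main__":
    for fixed, inst in ((DBUS_FIXED, DBUS_INSTALLED), (RUBY_FIXED, RUBY_INSTALLED)):
        for name, verdict in audit(fixed, inst).items():
            print(f"{name:14} {verdict}")
```

On the data from the post, no package comes out as "below fixed version": every dbus package and ruby-libs are at or above it, and the other six ruby packages are not installed.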
  