On Thu, 2003-03-06 at 10:58, Javier Fernandez-Sanguino wrote: > Michael Scheidell wrote: > > , this nasl is going to get patched several times, and while we > > are doing that, I hope that we can add this verbage to it (attached) > > > > It explains that if you patch sendmail, or run this nasl against a patched > > sendmail, you will get a false positive. > > Shouldn't we also link to the CERT advisory or the CERT's VU? It gives a > detailed list of which vendors are vulnerable: > http://www.cert.org/advisories/CA-2003-07.html > http://www.kb.cert.org/vuls/id/398025 > > Maybe we also need a script_vu_id()? In that case, I think we'd better add once and for all, a script_xref_id() function, and use : script_xref_id(src:"CVE", ref:"CVE-2002-1234"); script_xref_id(src:"Bugtraq", ref:"6543"); script_xref_id(src:"CERT", ref:"398025"); script_xref_id(src:"Snort", ref:"1310"); [...etc...] so that we can link to any kind of reference without having to add a new functions.
This archive was generated by hypermail 2b30 : Thu Mar 06 2003 - 02:08:12 PST