Hi there!
Ok:
$ ls |wc -l
1810
$ grep -iL cve *nasl |wc -l
717
So, there are 717 with no mention of CVE references whatsoever, that's
quite a lot but CVE is not complete. I have taken some time do a CVE
revision, and attached is the result (48 files reviewed). Some comments:
- for those I have not been able to found any CVE references I've
added 'script_cve_id("CVE-MAP-NOMATCH");'. Why? Because it makes it
easier to do further reviews (just look for those files that do _not_
have script_cve_id). The fact that there is _no_ CVE reference is
useful and will avoid others to review (over and over) the same files
if they don't have a CVE id. I'm using the same token Bugtraq uses
even if http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-MAP-NOMATCH
is invalid.
- For all those "default accounts" plugins I've used "CAN-1999-0508"
or any of the CAN-1999-0501 to CAN-1999-0508 appropiate (those are
generic entries for null, blank, guessable, and default passwords over
different systems).
- I've added more information on the CISCO plugins since some are not
verbose enough to determine _what_ precisely is the problem.
Hopefully this is useful to others, and Renaud will include it in CVS
after others have a chance to comment any mistakes I might have done.
Regards
Javi
PS: I'm not sure I will be able to review the pending 669 but, just
for the record, I've started in the order given by ' grep -iL cve
*nasl' (top to bottom).
This archive was generated by hypermail 2b30 : Thu Dec 11 2003 - 03:26:32 PST