Hello All,

I've noticed that some plugins that only report on the existence of a service also include unrelated historical vulnerability information [1]. This is usually in the form of CVE references to specific vulnerabilities and/or generic wording about the spotty history of the service. This is not consistently done, though, through all plugins. It is usually done on services that have not had a bunch of issues or are more esoteric in nature (e.g. UDP inetd services such as qotd, echo, chargen).

I disagree with the usage of CVE entries and harsh wording if all that is being checked is the existence of a service. Imagine a plugin that was kept up-to-date and listed all the OpenSSL, Apache, or Microsoft RPC CVE entries! It does not, in my opinion, provide useful information and should be removed. It only seems to warn people that have no idea what the service does and scares them into disabling it. It logically does not matter what the history of the service is - if it is superfluous, disable the service.

If I contribute patches removing this, would they likely be committed?

Thanks,
Jon

[1] Example plugins:

Plugin 10213:

The cmsd RPC service is running.
This service has a long history of security holes, so you should really know what you are doing if you decide to let it run.

*** No security hole regarding this program has been tested, so
*** this might be a false positive

Solution : We suggest that you disable this service.
Risk factor : High
CVE : CVE-1999-0320, CVE-1999-0696, CVE-2002-0391
BID : 428, 524, 5356

Related CVE entries:

CVE-1999-0320: SunOS rpc.cmsd allows attackers to obtain root access by overwriting arbitrary files.

CVE-1999-0696: Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd)

CVE-2002-0391: Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.

_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers
This archive was generated by hypermail 2.1.3 : Fri Feb 18 2005 - 14:16:05 PST