[Plugins-writers] backport.inc report_paranoia bug [PATCH]

From: Hubert Seiwert (hubert@private)
Date: Mon Feb 05 2007 - 10:07:44 PST


Hi,

I think there's a bug in backport.inc in relation to the report_paranoia setting.

Backport.inc currently checks the setting in the following way:

In get_backport_banner:

 paranoia = get_kb_item("global_settings/report_paranoia");
 if ( paranoia == "Paranoid" ) return banner;

Also in get_php_version:

 if ( paranoia == "Paranoid" ) return php_version;

So this seems to be testing for an exact match of "Paranoid".

In global_settings.nasl, the paranoia preference is populated as follows:

 script_add_preference(name:"Report paranoia", type:"radio", value:"Normal;Avoid false alarms;Paranoid (more false alarms)");

This is reflected in the client nessusrc, and in the KB when the paranoid option is chosen:

1170673365 1 global_settings/report_paranoia=Paranoid (more false alarms)


It seems that this mismatch ( "Paranoid (more false alarms)" != "Paranoid" ) is causing backport.inc to function incorrectly.

When paranoia is set to Paranoid (more false alarms), the backport.inc functions should return the banners unchanged,
however because the setting is not being checked correctly it's still returning substituted banners and the plugins are not firing.
The user gets "Normal" paranoia behaviour even though "Paranoid (more false alarms)" was chosen.

I've seen this on several plugins which use the backport functions, e.g. 14748, 12239, 12255, 11507 etc.

Using a patched backport.inc (see attachment), all of these plugins fire as expected when paranoia is set to high.

The patch modifies backport.inc to check report_paranoia in the same way most plugins do it - include global_settings.inc and then check the global var report_paranoia, rather than checking the string stored in the KB.


Regards,

-- 
Hubert Seiwert

Internet Security Specialist, Westpoint Ltd
Albion Wharf, 19 Albion Street, Manchester M1 5LN, United Kingdom

Web: www.westpoint.ltd.uk
Tel: +44-161-2371028


--- backport.inc	2007-02-05 17:24:28.000000000 +0000
+++ backport.inc	2007-02-05 17:42:07.000000000 +0000
@@ -21,6 +21,7 @@
 #
 #
 
+include("global_settings.inc");
 global_var backported;
 
 backported = 0;
@@ -30,8 +31,7 @@
  local_var i, j,k,l,backported_versions, real_versions, rx_backported_versions, rx_real_versions, paranoia, str;
 
  backported = 0;
- paranoia = get_kb_item("global_settings/report_paranoia");
- if ( paranoia == "Paranoid" ) return banner;
+ if ( report_paranoia > 1 ) return banner;
 
  
 
@@ -256,7 +256,6 @@
 function get_php_version(banner)
 {
  local_var www_version, php_version, paranoia;
- paranoia = get_kb_item("global_settings/report_paranoia");
 
  www_version = banner;
  if ( ! www_version ) return NULL;
@@ -266,7 +265,7 @@
  if ( ! php_version ) return NULL;
 
  php_version = ereg_replace(pattern:".*(PHP/[0-9.]*)[^0-9.].*", string:php_version, replace:"\1");
- if ( paranoia == "Paranoid" ) return php_version;
+ if ( report_paranoia > 1 ) return php_version;
 
  if ( egrep(pattern:"Server:.*Apache.*\(Red.Hat\)", string:www_version) )
  {


_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers



This archive was generated by hypermail 2.1.3 : Mon Feb 05 2007 - 10:16:09 PST