About Nessus issue

Tobias Glemser tglemser at tele-consulting.com
Mon Apr 4 09:03:46 EDT 2005


> Does the Nessus scan and check the Package version for the security
> warning?
Nessus normally relies on banners given by your webserver. Gladly, the 
banner doesn't tell the bugfix-level of your system. If you read the 
description of the holes which were found - is there nothing like

"*** Note that several Linux distributions patched the old version of
*** this module. Therefore, this alert might be a false positive. Please
*** check with your vendor to determine if you really are vulnerable to
*** this flaw"

?

Your problem is one of the basic problems with automatic penetration 
testing - the tools often check the version which is given by the daemon 
and don't actually prove the bugs by "real checks". So you always have to 
check whether the results are correct for your very special implementation. 
If the scan result seems to be wrong for your system, this is what one 
calls a "false positive".

Hope this helps you understand the results better.

Toby
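Toby's point about banner-based checks, as an added example that is not part of the original post and not Nessus code: a small Python sketch of the scanner's view (compare the version in the Server banner against the version the fix shipped in) next to the check an admin has to do by hand (look at the vendor package revision, which is where a backported fix shows up). The advisory threshold, the banners and the package versions are all constructed for the illustration, and the revision comparison is a deliberate simplification of dpkg's version ordering, not a reimplementation of it.

```python
"""Added example (not from the original post): why a banner-only version
check reports false positives on distributions that backport fixes.

Everything below is constructed for illustration. FIXED_UPSTREAM is a
hypothetical advisory threshold, not a real Apache advisory, and the
package versions are made-up Debian-style strings.
"""
import re
from typing import Optional, Tuple

# Hypothetical advisory: assume the fix first appeared upstream in 1.3.34,
# so a scanner judging by upstream version alone flags anything below it.
FIXED_UPSTREAM = (1, 3, 34)

BANNER_RE = re.compile(r"^Server:\s*Apache/(\d+)\.(\d+)\.(\d+)")


def parse_banner_version(header: str) -> Optional[Tuple[int, ...]]:
    """Extract the upstream version tuple from an HTTP Server header."""
    m = BANNER_RE.match(header)
    return tuple(int(x) for x in m.groups()) if m else None


def banner_says_vulnerable(header: str) -> Optional[bool]:
    """The scanner's view: banner version below the fixed version?
    Returns None when the banner carries no usable version at all."""
    v = parse_banner_version(header)
    if v is None:
        return None
    return v < FIXED_UPSTREAM


def split_deb_version(ver: str) -> Tuple[Tuple[int, ...], Tuple[object, ...]]:
    """Split '1.3.33-6sarge2' into upstream (1, 3, 33) and a revision key
    (6, 'sarge', 2). Simplified: real dpkg ordering has more rules."""
    upstream, _, revision = ver.partition("-")
    up = tuple(int(x) for x in upstream.split("."))
    rev = tuple(int(x) if x.isdigit() else x
                for x in re.findall(r"\d+|[A-Za-z]+", revision))
    return up, rev


def triage_finding(header: str,
                   pkg_version: Optional[str] = None,
                   fixed_revision: Optional[str] = None) -> str:
    """Combine both views for one scanner finding.

    pkg_version    - installed vendor package version (e.g. from dpkg -l)
    fixed_revision - first vendor revision that backported the fix (from
                     the vendor's own advisory; hypothetical here)
    """
    flagged = banner_says_vulnerable(header)
    if not flagged:                      # False or None: nothing to verify
        return "not flagged"
    if pkg_version is None or fixed_revision is None:
        # The banner alone cannot tell the bugfix level: keep it open.
        return "unverified"
    if split_deb_version(pkg_version) >= split_deb_version(fixed_revision):
        return "false positive (fix backported)"
    return "vulnerable"


if __name__ == "__main__":
    # Constructed sample data: same banner, different package states.
    banner = "Server: Apache/1.3.33 (Debian GNU/Linux)"
    print(triage_finding(banner))                                   # unverified
    print(triage_finding(banner, "1.3.33-6sarge2", "1.3.33-6sarge1"))  # false positive
    print(triage_finding(banner, "1.3.33-6", "1.3.33-6sarge1"))        # vulnerable
    print(triage_finding("Server: Apache/1.3.34 (Unix)"))           # not flagged
```

The point of the sketch is the middle branch: three hosts with the identical banner get three different answers, and the scanner can only ever produce the first one. The package revision (and, better still, a check that actually exercises the bug) is what turns "flagged" into "vulnerable" or "false positive".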


