Hi,
I think there's a bug in backport.inc in relation to the
report_paranoia setting.
Backport.inc currently checks the setting in the following
way:
In get_backport_banner:
  paranoia = get_kb_item("global_settings/report_paranoia");
  if ( paranoia == "Paranoid" ) return banner;
Also in get_php_version:
  if ( paranoia == "Paranoid" ) return php_version;
So this seems to be testing for an exact match of
"Paranoid".
In global_settings.nasl, the paranoia preference is
populated as follows:
  script_add_preference(name:"Report paranoia", type:"radio", value:"Normal;Avoid false alarms;Paranoid (more false alarms)");
This is reflected in the client nessusrc, and in the KB when
the paranoid option is chosen:
  1170673365 1 global_settings/report_paranoia=Paranoid (more false alarms)
It seems that this mismatch ( "Paranoid (more false
alarms)" != "Paranoid" ) is causing
backport.inc to function incorrectly.
When paranoia is set to Paranoid (more false alarms), the
backport.inc functions should return the banners unchanged;
however, because the setting is not being checked correctly,
it's still returning substituted banners and the plugins are
not firing.
The user gets "Normal" paranoia behaviour even
though "Paranoid (more false alarms)" was chosen.
I've seen this on several plugins which use the backport
functions, e.g. 14748, 12239, 12255, 11507 etc.
Using a patched backport.inc (see attachment), all of these
plugins fire as expected when paranoia is set to high.
The patch modifies backport.inc to check report_paranoia in
the same way most plugins do it - include
global_settings.inc and then check the global var
report_paranoia, rather than checking the string stored in
the KB.
Regards,
--
Hubert Seiwert
Internet Security Specialist, Westpoint Ltd
Albion Wharf, 19 Albion Street, Manchester M1 5LN, United
Kingdom
Web: www.westpoint.ltd.uk
Tel: +44-161-2371028
_______________________________________________
Plugins-writers mailing list
Plugins-writers list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers
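
An added example, not part of the original message or of the Nessus code base: a small Python lint that flags == tests on a radio preference's KB value that none of the declared options can satisfy, which is the mismatch described above, generalized to any radio preference. The source excerpts are constructed from the snippets quoted in the message, and deriving the KB key by lower-casing the preference name is an assumption.

```python
import re

# Constructed excerpts, modelled on the snippets quoted in the message above.
GLOBAL_SETTINGS = '''\
script_add_preference(name:"Report paranoia", type:"radio", value:"Normal;Avoid false alarms;Paranoid (more false alarms)");
'''
BACKPORT = '''\
paranoia = get_kb_item("global_settings/report_paranoia");
if ( paranoia == "Paranoid" ) return banner;
if ( paranoia == "Paranoid" ) return php_version;
'''

PREF_RE = re.compile(
    r'script_add_preference\s*\(\s*name:"([^"]+)"\s*,\s*type:"radio"\s*,\s*value:"([^"]*)"')
KB_READ_RE = re.compile(r'(\w+)\s*=\s*get_kb_item\s*\(\s*"global_settings/(\w+)"\s*\)')
EQ_TEST_RE = re.compile(r'(\w+)\s*==\s*"([^"]*)"')

def radio_options(source):
    """Map KB key suffix -> the exact strings a radio preference can store."""
    options = {}
    for name, value in PREF_RE.findall(source):
        # Assumption: "Report paranoia" is stored under global_settings/report_paranoia.
        key = name.lower().replace(" ", "_")
        options[key] = value.split(";")
    return options

def dead_comparisons(source, options):
    """Return (lineno, variable, literal) for == tests no stored value can satisfy."""
    var_to_key = {}   # variable name -> KB key it was read from
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for var, key in KB_READ_RE.findall(line):
            var_to_key[var] = key
        for var, literal in EQ_TEST_RE.findall(line):
            key = var_to_key.get(var)
            # The KB holds the full option text, so the literal must equal one option exactly.
            if key in options and literal not in options[key]:
                findings.append((lineno, var, literal))
    return findings

if __name__ == "__main__":
    opts = radio_options(GLOBAL_SETTINGS)
    for lineno, var, literal in dead_comparisons(BACKPORT, opts):
        print(f'line {lineno}: {var} == "{literal}" matches no stored option')
```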