Mailing List Archive: Nessus: devel

Cve_id field is being truncated when exporting results to MySQL

Index | Next | Previous | View Threaded

SPAOTVA at cse-cst

Dec 1, 2006, 6:48 AM

Post #1 of 2 (3453 views)
Permalink

Cve_id field is being truncated when exporting results to MySQL

Classification: UNCLASSIFIED

Hi,
I am running a CoLinux (Gentoo) session on my XP box with. Nessus for
Linux is running in Gentoo and I am using Nessus WX as my client.
I have the description, solution and cve_id fields set to text in MySQL.
When I export the results from a scan into MySQL through Nessus WX the
cve_id field get's truncated. The description and solution fields export
without a problem.
If I look at the raw data of the scan the cve_id information is
complete.
Has anyone run into this problem?

Thanks
Mike

theall at tenablesecurity

Dec 3, 2006, 11:52 AM

Post #2 of 2 (3176 views)
Permalink

Re: Cve_id field is being truncated when exporting results to MySQL [In reply to]

On Fri, Dec 01, 2006 at 09:48:48AM -0500, SPAOTVA wrote:

> I have the description, solution and cve_id fields set to text in MySQL.
> When I export the results from a scan into MySQL through Nessus WX the
> cve_id field get's truncated. The description and solution fields export
> without a problem.
>
> If I look at the raw data of the scan the cve_id information is complete.

Look at the type used for cve_id in the MySQL table. The schema
available here :

http://nessuswx.nessus.org/sql_tables.html

allows a maximum of only 32 characters, in other words, 2 CVEs. That's
definitely too small given the plugins that exist today. I'm not sure
what an upper bound should be, though, but 255 should avoid problems
with most plugins.

George
--
theall [at] tenablesecurity
_______________________________________________
Nessus-devel mailing list
Nessus-devel [at] list
http://mail.nessus.org/mailman/listinfo/nessus-devel

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads