Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Nessus: plugins

Nessus Script ID: 20862 version 1.11: Contain A Bug?

 

 

Nessus plugins RSS feed   Index | Next | Previous | View Threaded


nessusd at nemesis316

Nov 27, 2006, 5:50 PM

Post #1 of 6 (1820 views)
Permalink
Nessus Script ID: 20862 version 1.11: Contain A Bug?

Hello All,



Nessus Version: 2.2.7



The scripts that depend on Script ID 20862 version 1.11 (mozilla_org_installed.nasl) do not report vulnerabilities.



If I use Script ID 20862 version 1.9, the scripts that depend on it, report correctly.



Could someone provide insight on the problem?



Thanks,

Paul


theall at tenablesecurity

Nov 27, 2006, 6:08 PM

Post #2 of 6 (1734 views)
Permalink
Re: Nessus Script ID: 20862 version 1.11: Contain A Bug? [In reply to]

On Mon, Nov 27, 2006 at 07:50:24PM -0600, Paul Bellefeuille wrote:

> The scripts that depend on Script ID 20862 version 1.11
> (mozilla_org_installed.nasl) do not report vulnerabilities.
...
> If I use Script ID 20862 version 1.9, the scripts that depend on it,
> report correctly.
...
> Could someone provide insight on the problem?

Is that plugin reporting the version info correctly? What about saving
it in a KB?

George
--
theall [at] tenablesecurity
_______________________________________________
Plugins-writers mailing list
Plugins-writers [at] list
http://mail.nessus.org/mailman/listinfo/plugins-writers


nessusd at nemesis316

Nov 27, 2006, 9:26 PM

Post #3 of 6 (1748 views)
Permalink
Re: Nessus Script ID: 20862 version 1.11: Contain A Bug? [In reply to]

>>>Is that plugin reporting the version info correctly? What about saving it
>>>in a KB?


Using "display" statements the plugin reports the version correctly from the
registry. However the plugin does not report the file version correctly. In
addition, the only KB item saved is, "Launched/20862=1".


----- Original Message -----
From: Paul Bellefeuille
To: plugins-writers [at] list
Sent: Monday, November 27, 2006 7:50 PM
Subject: Nessus Script ID: 20862 version 1.11: Contain A Bug?


Hello All,

Nessus Version: 2.2.7

The scripts that depend on Script ID 20862 version 1.11
(mozilla_org_installed.nasl) do not report vulnerabilities.

If I use Script ID 20862 version 1.9, the scripts that depend on it, report
correctly.

Could someone provide insight on the problem?

Thanks,
Paul

_______________________________________________
Plugins-writers mailing list
Plugins-writers [at] list
http://mail.nessus.org/mailman/listinfo/plugins-writers


theall at tenablesecurity

Nov 28, 2006, 3:42 AM

Post #4 of 6 (1747 views)
Permalink
Re: Nessus Script ID: 20862 version 1.11: Contain A Bug? [In reply to]

On Mon, Nov 27, 2006 at 11:26:42PM -0600, Paul Bellefeuille wrote:

> Using "display" statements the plugin reports the version correctly from
> the registry. However the plugin does not report the file version
> correctly.

You mean you're displaying the value of 'ver' as taken from the
'CurrentVersion' registry setting, right? Is the plugin also getting the
name of the EXE correctly?

Also, which Mozilla products / versions are involved?


George
--
theall [at] tenablesecurity
_______________________________________________
Plugins-writers mailing list
Plugins-writers [at] list
http://mail.nessus.org/mailman/listinfo/plugins-writers


nessusd at nemesis316

Nov 28, 2006, 8:13 AM

Post #5 of 6 (1745 views)
Permalink
Re: Nessus Script ID: 20862 version 1.11: Contain A Bug? [In reply to]

>>>You mean you're displaying the value of 'ver' as taken from the
>>>'CurrentVersion' registry setting, right? Is the plugin also getting the
>>>name of the EXE correctly?

Yes

>>>>Also, which Mozilla products / versions are involved?

Firefox version 1.0 PR
Thunderbird version 1.0.5
Firefox version 1.5
Thunderbird version 1.5.02

Below contains some addition information.

>From nessusd.dump:

share: C$
exe2: \Program Files\Mozilla Firefox\firefox.exe
fh: [ 0: 16385, 1: 'cLm' ]
ret: [. wValueLength: 52, dwFileFlagsMask: 63, wType: 0, dwFileOS: 4,
dwFileDateLS: 0, dwStrucVersion: 65536, dwProductVersionLS: 0, Padding1: 0,
dwFileVersionMS: 65544, dwFileFlags: 0, szKey: 'VS_VERSION_INFO',
dwFileDateMS: 0, dwProductVersionMS: 65541, dwFileType: 2, wLength: 856,
dwFileSubtype: 0, dwSignature: -17890115, dwFileVersionLS: 1314073452 ]
children:

Source snipplet:

display("share: ",share,"\n");
display("exe2: ",exe2,"\n");
display("fh: ",fh,"\n");

ver = NULL;
if (!isnull(fh))
{
ret = GetFileVersionEx(handle:fh);
CloseFile(handle:fh);

display("ret: ",ret,"\n");

if (!isnull(ret)) children = ret['Children'];

display("children: ",children,"\n");
if (!isnull(children))
{
varfileinfo = children['VarFileInfo'];
if (!isnull(varfileinfo))

_______________________________________________
Plugins-writers mailing list
Plugins-writers [at] list
http://mail.nessus.org/mailman/listinfo/plugins-writers


theall at tenablesecurity

Nov 28, 2006, 8:49 AM

Post #6 of 6 (1752 views)
Permalink
Re: Nessus Script ID: 20862 version 1.11: Contain A Bug? [In reply to]

On Tue, Nov 28, 2006 at 10:13:44AM -0600, Paul Bellefeuille wrote:

> Firefox version 1.0 PR
> Thunderbird version 1.0.5
> Firefox version 1.5
> Thunderbird version 1.5.02

Hmm, I just installed Firefox 1.5 and Thunderbird 1.5.0.2 on a lab
machine and ran the plugin; it reported the versions correctly.

> exe2: \Program Files\Mozilla Firefox\firefox.exe
> fh: [ 0: 16385, 1: 'cLm' ]
> ret: [. wValueLength: 52, dwFileFlagsMask: 63, wType: 0, dwFileOS: 4,
> dwFileDateLS: 0, dwStrucVersion: 65536, dwProductVersionLS: 0, Padding1:
> 0, dwFileVersionMS: 65544, dwFileFlags: 0, szKey: 'VS_VERSION_INFO',
> dwFileDateMS: 0, dwProductVersionMS: 65541, dwFileType: 2, wLength: 856,
> dwFileSubtype: 0, dwSignature: -17890115, dwFileVersionLS: 1314073452 ]
> children:

Now that's different from what I see. Which version of Firefox was this
for? Any chance you could point me to or supply me with the distribution
file used to install it? Or just the exe itself?


George
--
theall [at] tenablesecurity
_______________________________________________
Plugins-writers mailing list
Plugins-writers [at] list
http://mail.nessus.org/mailman/listinfo/plugins-writers

Nessus plugins RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.