nnposter at users
Mar 10, 2009, 8:12 PM
Post #1 of 1
(2097 views)
Permalink
|
|
Low severity and CVSS score in ssh1_proto_enabled.nasl
|
|
Plugin ssh1_proto_enabled.nasl (version 1.18) rates CVE-2001-0361 as
Low with CVSS 2.6, which seems rather odd, especially considering that
it should be rated similarly to SSLv2.
According to CVE/NVD the CVSS score is in fact 4.0:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0361
The following patch fixes the issue:
--- ssh1_proto_enabled.nasl.orig 2009-02-24 21:15:13.000000000 -0600
+++ ssh1_proto_enabled.nasl 2009-03-10 13:13:49.000000000 -0400
@@ -33,8 +33,8 @@
Risk factor :
-Low / CVSS Base Score : 2.6
-(CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)";
+Medium / CVSS Base Score : 4.0
+(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N)";
script_description(english:desc["english"]);
@@ -91,5 +91,5 @@
if((test_version(version:"1.33", port:port)) ||
(test_version(version:"1.5", port:port)))
- security_note(port);
+ security_warning(port);
Cheers,
nnposter
_______________________________________________
Plugins-writers mailing list
Plugins-writers [at] list
http://mail.nessus.org/mailman/listinfo/plugins-writers
|
