Mailing List Archive

About Nessus 3.0.6 for Linux
Hi,
I am a system administrator at Pontificia Universidad Catolica del Peru. We
use Nessus 3.0.6 for Linux (free version) on our servers.
When we scan a web server with:
- Red Hat 5 (64 bits)
- php-5.1.6-20.el5_2.1
- Apache: httpd-2.2.3-11.el5_1.3

the Nessus report shows some critical vulnerabilities in PHP and
suggests updating the version of PHP (the attachment "output.prueba.20080725"
shows the results).

After that, we reported this to Red Hat support and they told us that this
scanner uses an approach which does not check individual security
vulnerabilities and because of this it can produce some false positives.
Because of this, we want to know if this Nessus version is compatible with
RedHat 5 (64 bits) and we would appreciate it if you could confirm whether
these results are false positives or not.

Thank you very much for your help.

Regards,

****************************************
Gisella Linares Chong
Oficina de Soporte Informatico
Direccion de Informatica - PUCP
Telef: 626-2000 anexo 3378
http://dirinfo.pucp.edu.pe
****************************************
Re: About Nessus 3.0.6 for Linux
Hi there,

That particular plugin has this line in it:

---
According to its banner, the version of PHP installed on the remote
host is older than 5.2.6. Such versions may be affected by the
following issues :
---

RedHat does not update the version in the banner.

For accurate detection of these types of issues, I would suggest
performing a host-based patch audit.

Also, please be advised that the Registered plugin feed is no longer
available and as a university, you should switch to the
ProfessionalFeed.

Ron Gula
Tenable Network Security


_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
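
The difference between the banner check and the host-based patch audit discussed in the reply, as an added example that is not part of the original thread and is not Tenable's plugin code. The banner string, the issue labels and the fixed-package releases are constructed, and the comparison is a simplified form of RPM's ordering (no epoch or tilde handling).

```python
import re

def rpmvercmp(a, b):
    """Simplified RPM ordering of one version or release string."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment sorts above alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with extra segments is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def split_nvr(nvr):
    """'php-5.1.6-20.el5_2.1' -> ('php', '5.1.6', '20.el5_2.1')"""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def banner_flags(banner, fixed_upstream):
    """Remote view: only the upstream version in the banner is visible."""
    m = re.search(r"PHP/([\d.]+)", banner)
    return bool(m) and rpmvercmp(m.group(1), fixed_upstream) < 0

def host_audit(installed_nvr, fixed_by_issue):
    """Local view: per issue, is the installed package older than the fixed one?"""
    _, ver, rel = split_nvr(installed_nvr)
    result = {}
    for issue, fixed_nvr in fixed_by_issue.items():
        _, fver, frel = split_nvr(fixed_nvr)
        result[issue] = (rpmvercmp(ver, fver) or rpmvercmp(rel, frel)) < 0
    return result

BANNER = "X-Powered-By: PHP/5.1.6"     # constructed banner for the PHP in the thread
INSTALLED = "php-5.1.6-20.el5_2.1"     # package named in the thread (rpm -q php)
FIXED = {                              # constructed releases, not real errata
    "EXAMPLE-ISSUE-A": "php-5.1.6-20.el5",   # backported fix already installed
    "EXAMPLE-ISSUE-B": "php-5.1.6-27.el5",   # fix only in a later release
}

if __name__ == "__main__":
    print("banner check flags host:", banner_flags(BANNER, "5.2.6"))
    for issue, vulnerable in host_audit(INSTALLED, FIXED).items():
        print(issue, "vulnerable" if vulnerable else "patched")
```

The banner check flags every issue fixed upstream in 5.2.6 because the backported release string never reaches the banner, while the package comparison answers issue by issue.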