Hi,
I’m using the latest gvm 11 release and I’m trying to port my scripts from the old Kali Linux-based OpenVAS (gvm9) to the new and supported gvm11. My scripts use the get_tasks, get_reports and get_results messages, and it looks like there are some differences between the results obtained from gvm9 and from gvm11. E.g.
gvm9 output looks like this (get_result, one result of many):
<result id="28f39ab2-4f23-477f-9630-be7120fdbfdd">
<name>SSH Weak Encryption Algorithms Supported</name>
<owner>
<name>raocs</name>
</owner>
<comment/>
<creation_time>2020-04-21T18:35:14Z</creation_time>
<modification_time>2020-04-21T18:35:14Z</modification_time>
<user_tags>
<count>0</count>
</user_tags>
<host>10.0.30.26<asset asset_id="ee539aae-a0bd-4409-8d16-2b015e8e7fe6"/></host>
<port>22/tcp</port>
<nvt oid="1.3.6.1.4.1.25623.1.0.105611">
<type>nvt</type>
<name>SSH Weak Encryption Algorithms Supported</name>
<family>General</family>
<cvss_base>4.3</cvss_base>
<cve>NOCVE</cve>
<bid>NOBID</bid>
<xref>URL:https://tools.ietf.org/html/rfc4253#section-6.3, URL:https://www.kb.cert.org/vuls/id/958563</xref>
<tags>cvss_base_vector=AV:N/AC:M/Au:N/C:P/I:N/A:N|insight=The `arcfour` cipher is the Arcfour stream cipher with 128-bit keys.
The Arcfour cipher is believed to be compatible with the RC4 cipher [SCHNEIER]. Arcfour (and RC4) has problems
with weak keys, and should not be used anymore.
The `none` algorithm specifies that no encryption is to be done.
Note that this method provides no confidentiality protection, and it
is NOT RECOMMENDED to use it.
A vulnerability exists in SSH messages that employ CBC mode that may allow an attacker to recover plaintext from a block of ciphertext.|vuldetect=Check if
remote ssh service supports Arcfour, none or CBC ciphers.|summary=The remote SSH server is configured to allow weak encryption algorithms.|solution=Disable t
he weak encryption algorithms.|solution_type=Mitigation|qod_type=remote_active</tags>
<cert/>
</nvt>
<scan_nvt_version>2020-03-26T13:48:10+0000</scan_nvt_version>
<threat>Medium</threat>
<severity>4.3</severity>
<qod>
<value>95</value>
<type>remote_active</type>
</qod>
<description>The following weak client-to-server encryption algorithms are supported by the remote service:
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
arcfour
arcfour128
arcfour256
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se
The following weak server-to-client encryption algorithms are supported by the remote service:
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
arcfour
arcfour128
arcfour256
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se</description>
<original_threat>Medium</original_threat>
<original_severity>4.3</original_severity>
<notes/>
<overrides/>
</result>
and when I scan the same host with gvm11 and obtain the equivalent result, it looks like:
<result id="897d3097-efe1-476c-ab9a-12915c29de8e">
<name>SSH Weak Encryption Algorithms Supported</name>
<creation_time>2020-04-20T21:30:35Z</creation_time>
<host>10.0.30.26<asset asset_id="830dbe3f-9085-477f-820d-7c439cb6e99b"/><hostname>power-sc.localdomain</hostname></host>
<port>22/tcp</port>
<nvt oid="1.3.6.1.4.1.25623.1.0.105611">
<type>nvt</type>
<name>SSH Weak Encryption Algorithms Supported</name>
<family>General</family>
<cvss_base>4.3</cvss_base>
<tags>cvss_base_vector=AV:N/AC:M/Au:N/C:P/I:N/A:N|solution=Disable the weak encryption algorithms.|solution_type=Mitigation</tags>
<refs>
<ref type="url" id="https://tools.ietf.org/html/rfc4253#section-6.3"/>
<ref type="url" id="https://www.kb.cert.org/vuls/id/958563"/>
</refs>
</nvt>
<severity>4.3</severity>
<qod>
<value>95</value>
</qod>
<description>The following weak client-to-server encryption algorithms are supported by the remote service:
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
arcfour
arcfour128
arcfour256
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se
The following weak server-to-client encryption algorithms are supported by the remote service:
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
arcfour
arcfour128
arcfour256
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se
Please note:
- threat value missing there
- various tag values missing (especially summary)
As at least the threat value should be there according to the gvm11 protocol spec (as far as I understand it), I’d consider this to be a bug, and the question is whether I should report it somewhere (github?) and if so, to which project? If however this is all right and there is some special way to obtain the summary and threat values, then I would appreciate it if someone let me know.
Thanks!
Karel
When posting you should provide information about your environment using the following template:
GVM versions
gsa: (‘gsad --version’):
$ gsad --version
Greenbone Security Assistant 9.0
gvm: (‘gvmd --version’)
$ gvmd --version
Greenbone Vulnerability Manager 9.0.0
Manager DB revision 221
openvas-scanner: (‘openvassd --version’)
$ openvas --version
OpenVAS 7.0.0
gvm-libs:
$ ls -la /usr/local/lib/libgvm*
lrwxrwxrwx 1 root root 21 Apr 13 19:18 /usr/local/lib/libgvm-pg-server.so -> libgvm-pg-server.so.0
lrwxrwxrwx 1 root root 25 Apr 13 19:18 /usr/local/lib/libgvm-pg-server.so.0 -> libgvm-pg-server.so.9.0.0
-rw-r--r-- 1 root root 47272 Apr 13 19:17 /usr/local/lib/libgvm-pg-server.so.9.0.0
lrwxrwxrwx 1 root root 17 Apr 13 19:14 /usr/local/lib/libgvm_base.so -> libgvm_base.so.11
lrwxrwxrwx 1 root root 21 Apr 13 19:14 /usr/local/lib/libgvm_base.so.11 -> libgvm_base.so.11.0.0
-rw-r--r-- 1 root root 87800 Apr 13 19:14 /usr/local/lib/libgvm_base.so.11.0.0
lrwxrwxrwx 1 root root 16 Apr 13 19:14 /usr/local/lib/libgvm_gmp.so -> libgvm_gmp.so.11
lrwxrwxrwx 1 root root 20 Apr 13 19:14 /usr/local/lib/libgvm_gmp.so.11 -> libgvm_gmp.so.11.0.0
-rw-r--r-- 1 root root 30832 Apr 13 19:14 /usr/local/lib/libgvm_gmp.so.11.0.0
lrwxrwxrwx 1 root root 16 Apr 13 19:14 /usr/local/lib/libgvm_osp.so -> libgvm_osp.so.11
lrwxrwxrwx 1 root root 20 Apr 13 19:14 /usr/local/lib/libgvm_osp.so.11 -> libgvm_osp.so.11.0.0
-rw-r--r-- 1 root root 32240 Apr 13 19:14 /usr/local/lib/libgvm_osp.so.11.0.0
lrwxrwxrwx 1 root root 17 Apr 13 19:14 /usr/local/lib/libgvm_util.so -> libgvm_util.so.11
lrwxrwxrwx 1 root root 21 Apr 13 19:14 /usr/local/lib/libgvm_util.so.11 -> libgvm_util.so.11.0.0
-rw-r--r-- 1 root root 109016 Apr 13 19:14 /usr/local/lib/libgvm_util.so.11.0.0
Environment
Operating system:
Kernel: (‘uname -a’)
This is docker of ubuntu 18.04 running on top of ubuntu 18.04.
$ uname -a
Linux dfc5540148c2 4.15.0-96-generic #97-Ubuntu SMP Wed Apr 1 03:25:46 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Installation method / source:
Compiled from release source code.
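
Added example, not part of the original post and not Greenbone code: a Python normalizer for scripts that have to read both result shapes quoted above. It takes references from either <xref> or <refs>, splits the pipe-delimited <tags> string, and derives a threat label from <severity> when <threat> is absent. The severity bands, the function names and the trimmed sample results are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed samples in the two shapes quoted in the post.
GVM9 = """<result id="a"><host>10.0.30.26</host><port>22/tcp</port>
<nvt oid="1.3.6.1.4.1.25623.1.0.105611">
<xref>URL:https://tools.ietf.org/html/rfc4253#section-6.3, URL:https://www.kb.cert.org/vuls/id/958563</xref>
<tags>cvss_base_vector=AV:N/AC:M/Au:N/C:P/I:N/A:N|summary=The remote SSH server is configured to allow weak encryption algorithms.|solution_type=Mitigation</tags>
</nvt><threat>Medium</threat><severity>4.3</severity></result>"""
GVM11 = """<result id="b"><host>10.0.30.26<hostname>power-sc.localdomain</hostname></host><port>22/tcp</port>
<nvt oid="1.3.6.1.4.1.25623.1.0.105611">
<tags>cvss_base_vector=AV:N/AC:M/Au:N/C:P/I:N/A:N|solution_type=Mitigation</tags>
<refs><ref type="url" id="https://tools.ietf.org/html/rfc4253#section-6.3"/>
<ref type="url" id="https://www.kb.cert.org/vuls/id/958563"/></refs>
</nvt><severity>4.3</severity></result>"""

def parse_tags(text):
    """Split the pipe-delimited key=value string from <tags> into a dict."""
    pairs = (item.split("=", 1) for item in (text or "").split("|") if "=" in item)
    return {k.strip(): " ".join(v.split()) for k, v in pairs}

def threat_from_severity(score):
    """Assumed bands (not from the post): 0 Log, <4 Low, <7 Medium, else High."""
    if score < 0:
        return None  # negative scores are treated here as "no threat level"
    if score == 0:
        return "Log"
    return "Low" if score < 4 else "Medium" if score < 7 else "High"

def normalize(result_xml):
    r = ET.fromstring(result_xml)
    nvt = r.find("nvt")
    severity = float(r.findtext("severity", "0"))
    threat = r.findtext("threat")
    refs = [ref.get("id") for ref in nvt.iterfind("refs/ref")]
    if not refs:  # older shape: "URL:..., URL:..." inside <xref>
        refs = [x.strip().partition(":")[2]
                for x in nvt.findtext("xref", "").split(",") if ":" in x]
    tags = parse_tags(nvt.findtext("tags"))
    return {
        "host": (r.find("host").text or "").strip(),  # text before child elements
        "port": r.findtext("port"), "oid": nvt.get("oid"),
        "severity": severity,
        "threat": threat or threat_from_severity(severity),
        "threat_derived": threat is None,  # True when <threat> was absent
        "refs": refs, "tags": tags,
        "missing_tags": [k for k in ("summary", "insight", "vuldetect") if k not in tags],
    }
```

The threat_derived and missing_tags fields let a report pipeline flag results whose label or description fields were not supplied by the manager.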