Karl
April 30, 2020, 3:24pm
1
We see 13 pairs of files in the NVT feed that call script_oid() with duplicate values. Is this correct?
Thanks,
Karl
gb_oracle_weblogic_http_detect.nasl: script_oid(“1.3.6.1.4.1.25623.1.0.100493”);
gb_grandstream_gxp_http_detect.nasl: script_oid(“1.3.6.1.4.1.25623.1.0.103594”);
gb_huawei_switch_detect.nasl: script_oid(“1.3.6.1.4.1.25623.1.0.106156”);
attic/cvs_in_www.nasl: script_oid(“1.3.6.1.4.1.25623.1.0.10922”);
gcf/attic/nopsec_php_5_3_9.nasl: script_oid(“1.3.6.1.4.1.25623.1.0.110012”);
gcf/nopsec_php_5_2_15.nasl: script_oid(“1.3.6.1.4.1.25623.1.0.110066”);
gcf/attic/nopsec_php_5_2_11.nasl: script_oid(“1.3.6.1.4.1.25623.1.0.110176”);
gcf/attic/nopsec_php_5_3_1.nasl: script_oid(“1.3.6.1.4.1.25623.1.0.110178”);
gcf/attic/nopsec_php_5_2_8.nasl: script_oid(“1.3.6.1.4.1.25623.1.0.110180”);
gcf/nopsec_php_5_2_9.nasl: script_oid(“1.3.6.1.4.1.25623.1.0.110187”);
2020/kronos/sf_kronos_4500_telnet_default_credentials.nasl: script_oid(“1.3.6.1.4.1.25623.1.0.112710”);
ospf_detect.nasl: script_oid(“1.3.6.1.4.1.25623.1.0.11906”);
gb_huawei_vrp_network_device_ssh_login_detect.nasl: script_oid(“1.3.6.1.4.1.25623.1.0.143679”);
cfi
May 1, 2020, 10:33am
2
Those VTs got renamed recently. Have you tried to verify that those are indeed duplicated on your filesystem? Because there might be also just a hiccup in GVM during the feed update which hasn’t detected the move of the files correctly.
2 Likes
Karl
May 1, 2020, 8:19pm
3
I removed the contents of my nvt folder and re-ran rsync. Now I have 14 pairs of duplicates.
attic/cvs_in_www.nasl: script_oid("1.3.6.1.4.1.25623.1.0.10922");
pre2008/cvs_in_www.nasl: script_oid("1.3.6.1.4.1.25623.1.0.10922");
ospf_detect.nasl: script_oid("1.3.6.1.4.1.25623.1.0.11906");
pre2008/ospf_detect.nasl: script_oid("1.3.6.1.4.1.25623.1.0.11906");
gb_oracle_weblogic_http_detect.nasl: script_oid("1.3.6.1.4.1.25623.1.0.100493");
oracle_webLogic_server_detect.nasl: script_oid("1.3.6.1.4.1.25623.1.0.100493");
gb_grandstream_gxp_detect.nasl: script_oid("1.3.6.1.4.1.25623.1.0.103594");
gb_grandstream_gxp_http_detect.nasl: script_oid("1.3.6.1.4.1.25623.1.0.103594");
gb_apache_activemq_detect.nasl: script_oid("1.3.6.1.4.1.25623.1.0.105330");
gb_apache_activemq_http_detect.nasl: script_oid("1.3.6.1.4.1.25623.1.0.105330");
gb_huawei_switch_detect.nasl: script_oid("1.3.6.1.4.1.25623.1.0.106156");
gb_huawei_vrp_network_device_snmp_detect.nasl: script_oid("1.3.6.1.4.1.25623.1.0.106156");
gcf/attic/nopsec_php_5_3_9.nasl: script_oid("1.3.6.1.4.1.25623.1.0.110012");
gcf/nopsec_php_5_3_9.nasl: script_oid("1.3.6.1.4.1.25623.1.0.110012");
gcf/attic/nopsec_php_5_2_15.nasl: script_oid("1.3.6.1.4.1.25623.1.0.110066");
gcf/nopsec_php_5_2_15.nasl: script_oid("1.3.6.1.4.1.25623.1.0.110066");
gcf/attic/nopsec_php_5_2_11.nasl: script_oid("1.3.6.1.4.1.25623.1.0.110176");
gcf/nopsec_php_5_2_11.nasl: script_oid("1.3.6.1.4.1.25623.1.0.110176");
gcf/attic/nopsec_php_5_3_1.nasl: script_oid("1.3.6.1.4.1.25623.1.0.110178");
gcf/nopsec_php_5_3_1.nasl: script_oid("1.3.6.1.4.1.25623.1.0.110178");
gcf/attic/nopsec_php_5_2_8.nasl: script_oid("1.3.6.1.4.1.25623.1.0.110180");
gcf/nopsec_php_5_2_8.nasl: script_oid("1.3.6.1.4.1.25623.1.0.110180");
gcf/attic/nopsec_php_5_2_9.nasl: script_oid("1.3.6.1.4.1.25623.1.0.110187");
gcf/nopsec_php_5_2_9.nasl: script_oid("1.3.6.1.4.1.25623.1.0.110187");
2020/kronos/gb_kronos_4500_telnet_default_credentials.nasl: script_oid("1.3.6.1.4.1.25623.1.0.112710");
2020/kronos/sf_kronos_4500_telnet_default_credentials.nasl: script_oid("1.3.6.1.4.1.25623.1.0.112710");
gb_huawei_vrp_network_device_ssh_detect.nasl: script_oid("1.3.6.1.4.1.25623.1.0.143679");
gb_huawei_vrp_network_device_ssh_login_detect.nasl: script_oid("1.3.6.1.4.1.25623.1.0.143679");
cfi
May 1, 2020, 10:33pm
4
I had setup a fresh GCE 6.0.7 today (which is using the GCF as well), did a sync and can’t find those duplicated files on the filesystem / in the plugin folder. So the question here remains:
Karl
May 2, 2020, 1:31am
5
Interesting. I downloaded, built from source, and installed the released GVM-11 (5 tar files), then ran greenbone-nvt-sync. I searched the plugins folder and found the exact same 28 files containing duplicates.
The duplicated files are there on rsync://feed.openvas.org:/nvt-feed
Karl
cfi
May 2, 2020, 10:10am
6
This looks like the part which plays an important role here. Last month the URL got updated to rsync://feed.community.greenbone.net:/nvt-feed with:
greenbone:openvas-7.0 ← jjnicola:new-url
opened 11:29AM - 09 Apr 20 UTC
Backport PR #448 and PR #450
Just had checked in manually, on the new URL the files are not duplicated but they are indeed duplicated on the old URL.
In various posts in this forums i have read the suggestions to use the “release” branches like https://github.com/greenbone/openvas/tree/openvas-7.0 instead of the tarball as the latter are outdated. Those release branch would also include / use the new URL.
Karl
May 2, 2020, 12:33pm
7
Thank you! That did the trick.
Karl
1 Like