False Positive, Adobe Acrobat 2019.0

There is a false positive for Adobe Acrobat 2019.0.

It is detected in 2009/secpod_adobe_prdts_bof_vuln_win.nasl (1.3.6.1.4.1.25623.1.0.900320) by this:

  if(version_in_range(version:acrobatVer, test_version:"7.0", test_version2:"7.1.0")||
     version_in_range(version:acrobatVer, test_version:"8.0", test_version2:"8.1.3")||
     acrobatVer =~ "9.0")
  {
    security_message( port: 0, data: "The target host was found to be vulnerable" );
    exit(0);
  }

This false positive can be prevented by wrapping it in:

  if(readerVer =~ "^(7|8|9)") { … }

This is consistent with the section directly above it, dealing with Adobe Reader.

Updated NVT available here: https://github.com/xqcyberscore/nvt/blob/master/2009/secpod_adobe_prdts_bof_vuln_win.nasl

How can I submit this into the community feed?
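The false positive described in the post above, reproduced as an added example that is not part of the original post or the feed's own code: a Python model of the quoted check with and without the proposed guard, run over constructed version strings. It assumes NASL's `=~` behaves as an unanchored regex search; `version_in_range` here is a simplified stand-in, and the function and sample names are hypothetical.

```python
import re

# Constructed sample version strings (not taken from any real scan).
SAMPLES = ["7.0.5", "8.1.2", "9.0.0", "9.1.0", "10.1.3", "19.0", "19.010.20064"]


def parse(version):
    """Split a dotted version string into a tuple of ints for comparison."""
    return tuple(int(part) for part in version.split("."))


def version_in_range(version, low, high):
    """Simplified stand-in for NASL version_in_range(): inclusive bounds."""
    return parse(low) <= parse(version) <= parse(high)


def original_check(ver):
    """Model of the condition quoted from the NVT."""
    return (
        version_in_range(ver, "7.0", "7.1.0")
        or version_in_range(ver, "8.0", "8.1.3")
        # Unanchored, and "." matches any character, so "19.0" matches too.
        or re.search(r"9.0", ver) is not None
    )


def guarded_check(ver):
    """The same condition wrapped in the guard proposed in the post."""
    if re.search(r"^(7|8|9)", ver) is None:
        return False
    return original_check(ver)


def false_positives(versions):
    """Versions flagged by the original check but not by the guarded one."""
    return [v for v in versions if original_check(v) and not guarded_check(v)]


if __name__ == "__main__":
    for v in SAMPLES:
        print(f"{v:>14}  original={original_check(v)!s:<5}  guarded={guarded_check(v)}")
    print("no longer flagged with the guard:", false_positives(SAMPLES))
```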

Hi there, thanks for bringing this issue forward.

A similar fix to the one you provided has been developed and will be making its way into the feed in the coming days.

2 Likes

Thanks for your reply

We routinely patch NVTs where we find issues, can we submit them to you in any way?

It kind of feels right for there to be a GitHub repository containing NVTs, to which members of the community could submit PRs. I’d really like to contribute to the community!

The access to the SCM for the VTs was restricted not that long ago as announced here and we are not aware of any plans to change this again.

Unfortunately the only way to contribute to the feed is currently to submit posts (maybe including a git diff / patch) here in this community portal / category.

2 Likes