Nasl scripts that do not give version information

I found that some of the nasl scripts do not give any information about the detected version or fixed version despite the scripts check whether the version is in a vulnerable range or not.

Here is an example code:

if(version_in_range(version:exeVer, test_version:“15.0”, test_version2:“15.0.847.37”))
{
security_message( port: 0, data: “The target host was found to be vulnerable” );
exit(0);
}

It just prints “The target host was found to be vulnerable” to the report without version information. Some of the nasl scripts use “report_fixed_ver” function for creating a report including the version information. We can change the above code as follows:

if(version_in_range(version:exeVer, test_version:“15.0”, test_version2:“15.0.847.37”))
{
report = report_fixed_ver( installed_version:exeVer, fixed_version:“15.0.847.38”, install_path:exchangePath );
security_message(data:report);
exit(0);
}

I parsed the all nasl scripts and found such scripts that do not print version information to scan reports. I pasted oid fields into here:
https://paste.ubuntu.com/p/q8TtyMNKCY/

I would be glad if you can modify the scripts to give detected and fixed version information.

Thank you in advance.

Thanks for your interest in reporting possible feed improvements.

All newer VTs since around 2017 or 2018 have already included this version in the reporting. Older VTs are updated from time to time during feed maintenance works depending on the time / resources available.

We’re happily accepting patches for this task from the Community.

1 Like

I did a patch for some of the corresponding scripts to give the version information. I modified the “security_message” functions under “version_is_less” and “version_in_range” functions as I stated in the topic.

The number of modified scripts is 1829. I checked the scripts with openvas-nasl-lint and no syntax errors found. I also ran a scan and modified scripts that found any vulnerability gave the version information to the report.

I would be happy to share the scripts. If you want me to share, how can I do it?

1 Like

I have forwarded your question to the Feed team, they will get in touch with you soon to clarify your question.

cc @asteins @ckuerste @_jp @_OR

1 Like