NVT: FreeBSD Ports: net-snmp. FALSE POSITIVE

NVT is referring to “CVE-2005-1740 fixproc in Net-snmp 5.x before 5.2.1-r1” but generates an alarm saying “Package net-snmp version 5.7.3_22,1 is installed which is known to be vulnerable.”

This was the first time I scanned my systems, so I don’t know for how long this failure has been around.

Best wishes

Thanks a lot for your report.

The FreeBSD LSCs were created back in 2008 by an (unfortunately no longer active) 3rd-party / external contributor via a Generator and are more or less unsupported / unmaintained from Greenbone's side.

There are plans to re-create them with a new Generator, but that might take some time. I will add the information on possible problems with the version checks created by the old Generator so that these won’t happen with the new Generator.

There are currently two things that can be done in the short term if there are any issues in the FreeBSD LSCs:

  1. The community is providing patches to fix any problems
  2. Create an overwrite for the results as “false positive” in GVM/GSA