NVT: FreeBSD Ports: net-snmp. FALSE POSITIVE

NVT is referring to “CVE-2005-1740 fixproc in Net-snmp 5.x before 5.2.1-r1” but generates an alarm saying “Package net-snmp version 5.7.3_22,1 is installed which is known to be vulnerable.”

First time scanned I scanned my systems, so I don’t know for how long this failure has been around.

Best wishes

Thank a lot for your report.

The FreeBSD LSCs have been created back then in 2008 by a (unfortunately no longer active) 3rdparty / external contributor via a Generator and are more or less unsupported / unmaintained from Greenbone side.

There are plans to re-create them with a new Generator but that might take some time, i will add the information on possible problems with the version checks created by the old Generator so that these won’t happen with the new Generator.

There are currently two things what can be done on a short-term if there are any issues in the FreeBSD LSCs:

  1. The community is providing patches to fix any problems
  2. Create overwrite for the results as “false positive” in GVM/GSA
1 Like

This is really a simple fix–the original looks like it wasn’t finished. Here’s my diff, tested successfully against net-snmp version 5.9_3,1 on FreeBSD.

# diff original/freebsd_net-snmp0.nasl  2008/freebsd/freebsd_net-snmp0.nasl  
75c75
< if(!isnull(bver) && revcomp(a:bver, b:"0")>0) {
---
> if(!isnull(bver) && revcomp(a:bver, b:"5.2.1-r1")<=0) {
1 Like

For this specific case this might indeed do the trick.

The suggested changes just have been submitted for an integration into the feeds with a minor change to use revcomp(a:bver, b:"5.2.1-r1")<0) instead of revcomp(a:bver, b:"5.2.1-r1")<=0) because otherwise 5.2.1-r1 installations would have been marked as vulnerable as well.