Hi,
I’m new to this forum, but I’ve used OpenVAS many times over the past few years.
Recently I invoke OpenVAS to scan a Linux system.
The scan report shows several entries of “High” threat level, all are related to GNU Bash :
High (CVSS: 10.0)
NVT: GNU Bash Environment Variable Handling Shell RCE Vulnerability (LSC) - 03 (OID:1.3.6.1.4.1.25623.1.0.802085)
Used command: openvas_test=’() { echo vulnerable; }’ bash -c openvas_test
Result: openvas_test=() { echo vulnerable; }: Command not found.
Affected Software/OS
GNU Bash through 4.3 bash43-026
High (CVSS: 10.0)
NVT: GNU Bash Off-by-one aka ‘word_lineno’ Buffer Overflow Vulnerability (LSC) (OID:1.3.6.1.4.1.25623.1.0.802084)
High (CVSS: 10.0)
NVT: GNU Bash Environment Variable Handling Shell RCE Vulnerability (LSC) - 04 (OID:1.3.6.1.4.1.25623.1.0.802086)
The target system has “Bash-4.3.30” installed, which should not be affected.
On the other hand, it is found that the account on the target system whose username & password are set as OpenVAS credential has “/bin/tcsh” as login shell.
The scan is then repeated with the target account login shell changed to “/bin/bash”, the vulnerabilities said above vanished.
I think this should be a case of false positive.