System identifier unknown with VT OID 1.3.6.1.4.1.25623.1.0.108441

Hello,

I have an issue with plugin OID 1.3.6.1.4.1.25623.1.0.108441 (Determine OS and list of installed packages via SSH login)

I’m scanning a list of Linux hosts on a weekly basis with authenticated scans enabled and working. Scans work fine, but local security checks are not performed since the system identifier is unknown to the NVT. Targets are running Linux Mint, with the following identifiers:

Linux ov-eqi 4.15.0-45-generic #48-Ubuntu SMP Tue Jan 29 16:28:13 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

Is there any workaround / solution to this issue? (I’ve seen a post from cfi asking for feedback on this, but the thread is more than 1 year old, so I’m not sure if it’s still open.)

Thanks a lot

Indeed, a basic detection for Linux Mint could be implemented. It would be great if you could post the output of the following VT (either here or privately via PM to me):

Name: OS Detection Consolidation and Reporting
OID: 1.3.6.1.4.1.25623.1.0.105937
Family: Product detection

as described in Call for info: Unknown OS and Service Banner Reporting

Note: Such an implementation would only introduce OS Detection for Linux Mint. There are no plans by Greenbone to support this Linux distribution for package manager based authenticated scans, especially as it seems (I only did a short research) that Linux Mint doesn’t publish any vendor advisories for their packages.

Hi,

Here is the output:

Vulnerability Detection Result

Best matching OS:

OS: Ubuntu
Version: 16.04
CPE: cpe:/o:canonical:ubuntu_linux:16.04
Found by NVT: 1.3.6.1.4.1.25623.1.0.105586 (SSH OS Identification)
Concluded from SSH banner on port 22/tcp: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
Setting key “Host/runs_unixoide” based on this information

As you can see, Linux Mint is just an Ubuntu variant. It uses the same package repository and follows the mainstream release plan, so packages are identical to the Ubuntu distribution. So using the Ubuntu plugin should work without issues.

Thanks

Thanks for providing this information. Unfortunately I had requested the wrong output, the correct one would be:

Name: Unknown OS and Service Banner Reporting
OID: 1.3.6.1.4.1.25623.1.0.108441
Family: Service detection

Not necessarily, at least not for various packages of the current release like e.g. for the bash package

4.3+linuxmint5

as seen on: http://packages.linuxmint.com/.

But generally there won’t be any package scanning support provided by Greenbone for Linux Mint, this is something which requires support and maintenance of a community contributor.

Thanks; here you go:

Vulnerability Detection Result

Unknown banners have been collected which might help to identify the OS running on this host. If these banners containing information about the host OS please report the following information to https://community.greenbone.net/c/vulnerability-tests:

Banner: uname: Linux ov-master-eqi 4.10.0-38-generic #42~16.04.1-Ubuntu SMP Tue Oct 10 16:32:20 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

rpm -qf /etc/redhat-release: error: file /etc/redhat-release: No such file or directory

/etc/issue: Linux Mint 18.3 Sylvia
\l

/etc/lsb-release: DISTRIB_ID=LinuxMint
DISTRIB_RELEASE=18.3
DISTRIB_CODENAME=sylvia
DISTRIB_DESCRIPTION="Linux Mint 18.3 Sylvia"

/etc/debian_version: stretch/sid

/etc/os-release: NAME="Linux Mint"
VERSION="18.3 (Sylvia)"
ID=linuxmint
ID_LIKE=ubuntu
PRETTY_NAME="Linux Mint 18.3"
VERSION_ID="18.3"
HOME_URL="http://www.linuxmint.com/"
SUPPORT_URL="http://forums.linuxmint.com/"
BUG_REPORT_URL="Bugs : Linux Mint"
VERSION_CODENAME=sylvia
UBUNTU_CODENAME=xenial
Identified from: Determine OS and list of installed packages via SSH login on port 22/tcp


Btw, the strange thing is that the target had 7 hosts (all alive Linux Mints, of different versions). But this VT

> Unknown OS and Service Banner Reporting

only appears once, while the VT

> OS Detection Consolidation and Reporting

appears correctly for all targets. Still, local security checks fail for all of them.

What is the reason behind this?

Thanks

Thanks again for providing this information, this should be enough to implement at least some basic OS Detection capabilities when doing authenticated scans. It will take some time though, I will give a note here once this is done.

The simplest explanation for this could be that these are detected as Debian because Linux Mint seems to be providing a /etc/debian_version with a Debian-specific codename in addition to the other previously posted files having Linux Mint specific info included.
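The detection-order problem suggested in the last reply, as an added example (not Greenbone's VT code and not written by anyone in this thread): a check that treats /etc/debian_version as proof of Debian labels the posted host as Debian, while reading the ID field of /etc/os-release first identifies Linux Mint and keeps the Ubuntu base as separate information. The function names are hypothetical, and the sample file contents are constructed from the banner output posted above.

```python
import re

# Constructed sample: contents of the files shown in the posted banner report.
MINT_FILES = {
    "/etc/os-release": 'NAME="Linux Mint"\nVERSION="18.3 (Sylvia)"\nID=linuxmint\n'
                       'ID_LIKE=ubuntu\nVERSION_ID="18.3"\nUBUNTU_CODENAME=xenial\n',
    "/etc/lsb-release": "DISTRIB_ID=LinuxMint\nDISTRIB_RELEASE=18.3\n",
    "/etc/debian_version": "stretch/sid\n",
}

def parse_kv(text):
    """Parse KEY=value lines (os-release / lsb-release style), stripping quotes."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, val = line.partition("=")
        out[key.strip()] = val.strip().strip("\"'")
    return out

def identify_naive(files):
    """Assumed ordering: any /etc/debian_version means the host is Debian."""
    if "/etc/debian_version" in files:
        return {"os": "debian", "version": files["/etc/debian_version"].strip()}
    return {"os": "unknown", "version": ""}

def identify(files):
    """Prefer the distribution's own ID; report the upstream base separately."""
    osr = parse_kv(files.get("/etc/os-release", ""))
    if osr.get("ID"):
        return {"os": osr["ID"], "version": osr.get("VERSION_ID", ""),
                "like": osr.get("ID_LIKE", "").split(),
                "base_codename": osr.get("UBUNTU_CODENAME", "")}
    lsb = parse_kv(files.get("/etc/lsb-release", ""))
    if lsb.get("DISTRIB_ID"):
        return {"os": lsb["DISTRIB_ID"].lower(),
                "version": lsb.get("DISTRIB_RELEASE", ""),
                "like": [], "base_codename": ""}
    # Only fall back to debian_version when nothing more specific exists.
    return dict(identify_naive(files), like=[], base_codename="")

def vendor_rebuilt(version):
    """True for package versions with a Mint suffix such as 4.3+linuxmint5,
    which cannot be compared against Ubuntu advisory versions."""
    return re.search(r"[+~]linuxmint\d*", version) is not None

if __name__ == "__main__":
    print("debian_version first:", identify_naive(MINT_FILES))
    print("os-release first:    ", identify(MINT_FILES))
    print("bash 4.3+linuxmint5 vendor rebuilt:", vendor_rebuilt("4.3+linuxmint5"))
```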