I recently ran a scan on our development server and this vulnerability
was not detected. The server is running the exact same version of MySQL
as the production server, both on FreeBSD 11.1 and packages are reported
as up to date:

    root@dev:~ # pkg info | grep mysql
    mysql57-client-5.7.22_1 Multithreaded SQL database (client)
    mysql57-server-5.7.22_2 Multithreaded SQL database (server)

After it was first detected, the production server was running
mysql57-server-5.7.22_1, so I upgraded to the same as the dev server, hoping
the patch was applied in the '_2' version, and restarted the MySQL
server. Re-scanned and still detected.

Looks like a new NVT since I scanned the dev server, so I re-scanned and
it still does not detect. My question is why would OpenVAS detect on one
server and not the other when they are the exact same versions?

Looking at the detection log, it appears the method of detection is
simply the version in the MySQL banner.

    Concluded from version/product identification result:
    5.7.22-log

I've looked at both servers, they both show exactly the same info in the
banner:

    Server version: 5.7.22-log Source distribution

I am new to OpenVAS, perhaps there is an issue I'm not aware of with
detection on the dev server. Would OpenVAS report such a problem when
trying to run an NVT?
--
Robert