Hi, On 20.07.2018 15:28, Robert Fitzpatrick wrote: > My question is why would OpenVAS detect on one > server and not the other when the exact same versions?
with the currently provided info i'm guessing that the following two things could be responsible for this: 1. There are different filters used for report generating where one filter includes NVTs with a QoD of < 70 % and the another one is using the defaults where the vulnerability isn't shown. 2. One system gets detected as Windows, the other as an Unixoide system and thus different results are shown based on the QoD type of the vulnerability. You can read more about the QoD and filter topics here: http://docs.greenbone.net/GSM-Manual/gos-4/en/gui_introduction.html#powerfilter http://docs.greenbone.net/GSM-Manual/gos-4/en/glossary.html#quality-of-detection-qod Regards, > I recently ran a scan on our development server and this vulnerability > was not detected. The server is running the exact same version of MySQL > as the production server, both on FreeBSD 11.1 and packages are reported > as up to date: > > root@dev:~ # pkg info | grep mysql > mysql57-client-5.7.22_1 Multithreaded SQL database (client) > mysql57-server-5.7.22_2 Multithreaded SQL database (server) > > After first detected, the production server was running > mysql57-server-5.7.22_1, so I upgraded to same as the dev server, hoping > the patch was applied in the '_2' version, and restarted the MySQL > server. Re-scanned and still detected. > > Looks like a new NVT since I scanned the dev server, so I re-scanned and > it still does not detect. My question is why would OpenVAS detect on one > server and not the other when the exact same versions? > > Looking at the detection log, it appears the method of detection is > simply the version in the banner of the MySQL banner. > > Concluded from version/product identification result: > 5.7.22-log > > I've looked at both servers, they both show exactly the same info in the > banner: > > Server version: 5.7.22-log Source distribution > > I am new to OpenVAS, perhaps there is an issue I'm not aware of with > detection on the dev server. Would OpenVAS report such a problem when > trying to run an NVT? _______________________________________________ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
