openVAS - Greenbone pkg update

ygthnblg

New Member


Messages: 1

Hey,

I currently work on a project to scan a network and find vulnerabilities which has to be on FreeBSD. So, as a first step, I installed packages of openvas9 and scanned the network by using the web interface. There is also a server on ubuntu to see what openvas will find.

On the report, there is a vulnerability called “Report outdated / end-of-life Scan Engine / Environment (local)” which makes me think the system isn’t working quite well since the server has apache2 and open port 80 HTTP but couldn’t tell any of these as a vulnerability.

There is also a part on the report as:

Vulnerability Detection Result:
Installed GVM Libraries (gvm-libs) version: 9.0.1
Latest available GVM Libraries (gvm-libs) version: 10.0.2

I couldn’t update this gvm library, and I couldn’t even find this library to update in the list of packages. All conversations and videos are on Kali or etc. I have got in touch with the greenbone community and got this reply "Greenbone is not in charge for your version of our software. Therefore you should contact the provider of your packages (most likely your distribution) and create a request for updated packages."

I also add the report, I hope someone can help me to solve the errors I mentioned in the upper text. Sorry if I wrote something unnecessary or irrelevant with this page, I am a student and quite new in this field.

Thank you,
 

Attachments

  • openVAS report- FandVDU all ip block.txt
    45.5 KB · Views: 121

T-Daemon

Daemon

Reaction score: 881
Messages: 1,761

If there are complains in the openVAS report about "outdated or end-of-life scan engine" then you can file a bug report to request a update of the security/openvas9 meta port, which implies also updating

security/openvas9-libraries
security/openvas9-cli
security/openvas9-manager
security/openvas9-scanner
security/greenbone-security-assistant9

When filing a bug report add the relevant sections of the summary, e.g.:
Code:
...
Summary:
This script checks and reports an outdated or end-of-life scan engine
  for the following environments:
  - Greenbone Source Edition (GSE)
  - Greenbone Community Edition (GCE)
....
Vulnerability Detection Result:
Installed GVM Libraries (gvm-libs) version:        9.0.1
Latest available GVM Libraries (gvm-libs) version: 10.0.2
....
Solution:
Solution type: VendorFix
Update to the latest available stable release for your scan environment. Please !
check the
  references for more information. If you're using packages provided by your Lin!
ux distribution please contact the maintainer
  of the used distribution / repository and request updated packages.
....

Bare in mind, the port maintainers are understaffed, many of them maintain multiple ports, keep the informations as condensed as possible, add the report in addition as attachment. How long it will take to update all ports is up to the situation. The update of the ports could be easy, as simple as changing some lines in the corresponding make files, or more complicated, when the run time dependencies of the ports require special attention. Also it depends on how busy the maintainer is, acm@freebsd.org in this case, for all mentioned ports above.

Or you could try to update the ports yourself and add a patch to the bug report:

 
Top