
List:       openvas-discuss
Subject:    Re: [Openvas-discuss] False Positive Notification
From:       "Tom Powers" <tomp () sound-solutions ! biz>
Date:       2012-03-22 17:24:29
Message-ID: 211CB997E93BC049A65C1FA815B90D3403D0CC2C () DEFIANT ! ssi ! private
Sound Solutions, Inc.
8400 Highland Dr.
Wausau, WI  54401
Tel: 715-842-7665
Fax: 715-842-7620
But the patch is installed to all machines, yet the vulnerability still shows up.



When we run a Nessus scan against it, we see no vulnerability. When we use Trend Micro to check it, it shows no vulnerability, and when we use GFI to check it, it shows no vulnerability.



All help is appreciated



TP



From: openvas-discuss-bounces@wald.intevation.org [mailto:openvas-discuss-bounces@wald.intevation.org] On Behalf Of Antu Sanadi
Sent: Thursday, March 22, 2012 2:26 AM
To: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] False Positive Notification



Hello Tom,



It's not dealing with WAB.EXE. It is checking the version from the registry
for Microsoft Address Book, and moreover it is related to wab32res.dll.
Still this vulnerability is not fixed.

So obviously it will report vulnerability.

Thanks,
Antu S




On Wednesday 21 March 2012 09:17 PM, Tom Powers wrote:




	Hello:



In the past…I have found some NVTs that didn't work and submitted them here. If this is still the right way to do this…I will continue as I have a few to post.



If not…please let me know the proper protocol.





I have found a misdetection in this NVT:



http://openvas.komma-nix.de/index.php?oid=801457





It deals with the version of the WAB.EXE file.  The patched version is 6.0.2900.6040



The test is looking for test_version:"6.0.2900.5512"

Yet it still shows the vulnerability as being there, even though the revision is higher than the test.

Can we have that looked at?


Thanks


Tom P








________________________________




Sound Solutions, Inc.  - Since 1995

We Appreciate Your Business and Referrals


This message (and any associated files) is intended only for the use of the individual or entity to which it is addressed and may contain information that is confidential, subject to copyright or constitutes a trade secret. If you are not the intended recipient you are hereby notified that any dissemination, copying or distribution of this message, or files associated with this message, is strictly prohibited. If you have received this message in error, please notify us immediately by replying to the message and deleting it from your computer. Messages sent to and from us may be monitored.

Internet communications cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Therefore, we do not accept responsibility for any errors or omissions that are present in this message, or any attachment, that have arisen as a result of e-mail transmission. If verification is required, please request a hard-copy version. Any views or opinions presented are solely those of the author and do not necessarily represent those of the company.



_______________________________________________
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss






--
Antu Sanadi | Security Research Analyst
SecPod Technologies Pvt. Ltd | http://www.secpod.com/
1354, 3rd Floor|9th Cross, 80ft Road, 33rd Main,
1st Phase, JP Nagar| Bangalore - 560078 |India
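
Added example (not part of the thread and not the NVT's own code): a small triage helper showing how the same test_version gives different verdicts depending on which component's version the check actually reads. It assumes the check flags a host when the observed version is less than or equal to test_version; the wab32res.dll value and all function and field names are constructed for illustration.

```python
from itertools import zip_longest


def parse_version(text):
    """Split a dotted version into integers; reject non-numeric components."""
    parts = text.strip().split(".")
    if any(not p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return [int(p) for p in parts]


def version_is_less_equal(version, test_version):
    """Numeric, component-wise comparison; missing components count as 0.

    Comparing as integers avoids the string-compare trap where
    "10000" sorts before "5512".
    """
    pairs = zip_longest(parse_version(version), parse_version(test_version),
                        fillvalue=0)
    for found, limit in pairs:
        if found != limit:
            return found < limit
    return True  # all components equal


def evaluate_check(check, observed):
    """Return (verdict, detail) for one check against versions seen on a host."""
    source = check["evidence_source"]
    found = observed.get(source)
    if found is None:
        # No evidence collected: neither a finding nor a clean result.
        return "unknown", f"{source}: no version collected"
    limit = check["test_version"]
    if version_is_less_equal(found, limit):
        return "flagged", f"{source} {found} <= {limit}"
    return "clear", f"{source} {found} > {limit}"


TEST_VERSION = "6.0.2900.5512"  # value quoted in the thread

# Constructed host inventory for illustration.
OBSERVED = {
    "WAB.EXE": "6.0.2900.6040",       # patched version quoted in the thread
    "wab32res.dll": "6.0.2900.5512",  # constructed value, not from the thread
}

# What the reporter assumed the check reads vs. what the reply says it relates to.
ASSUMED_BY_REPORTER = {"evidence_source": "WAB.EXE", "test_version": TEST_VERSION}
NAMED_IN_REPLY = {"evidence_source": "wab32res.dll", "test_version": TEST_VERSION}

if __name__ == "__main__":
    for label, check in (("assumed", ASSUMED_BY_REPORTER),
                         ("per reply", NAMED_IN_REPLY)):
        print(label, evaluate_check(check, OBSERVED))
```

When a scanner result disagrees with the patch level, comparing the evidence string in the scan report against the file or registry value on the host settles which component the check evaluated.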




