Home
My Page
Projects
OpenVAS

[#6930] wrong version for data protector detection

Date:
2017-08-09 06:57
Priority:
3
State:
Closed
Submitted by:
Arco van Geest (gnulnulf)
Assigned to:
Nobody (None)
Architecture:
None
Product:
OpenVAS
Operating System:
None
Component:
openvas-plugins
Version:
None
Severity:
normal
Resolution:
Fixed
Hardware:
None
URL:
 
Summary:
wrong version for data protector detection

Detailed description
Dataprotector reports the wrong version in the inet component.

The build date of the 9.00 inet version is the same as the 9.08 omnicc version.

I tested this on h-ux and linux.



#####################

Vulnerability Detection Result



Detected HP/HPE (OpenView Storage) Data Protector



Version: A.09.00 build 112

Location: 5555/tcp

CPE: cpe:/a:hp:data_protector:09.00



Concluded from version/product identification result:

HPE Data Protector A.09.00: INET, internal build 112, built on Wed 12 Oct 2016 04:54:19 AM CEST



Log Method



Details: HP/HPE (OpenView Storage) Data Protector Detection (OID: 1.3.6.1.4.1.25623.1.0.19601)



Version used: $Revision: 6436 $



############



/opt/omni/lbin/inet :

[root@]# telnet 127.0.0.1 5555

Trying 127.0.0.1...

Connected to 127.0.0.1.

Escape character is '^]'.

HPE Data Protector A.09.00: INET, internal build 112, built on Wed 12 Oct 2016 04:54:19 AM CEST

Connection closed by foreign host.



[root@]# /opt/omni/bin/omnicc -version

HPE Data Protector A.09.08: OMNICC, internal build 112, built on Wed 12 Oct 2016 05:09:13 AM CEST



[root@]# /opt/omni/lbin/inet -version

HPE Data Protector A.09.00: INET, internal build 112, built on Wed Oct 12 04:54:19 2016

Followup

Message
Date: 2017-09-28 13:47
Sender: Christian Fischer

No response so far so closing for now.

The NVTs doing versions checks now have a lower QoD and won't show up by default. If the product isn't reporting a reliable version there is not that much we can do here.
Date: 2017-08-09 08:54
Sender: Christian Fischer

Hi,

and thanks for your report. Indeed it seems that they are rising the internal build number without raising the version reported in HPE Data Protector A.09.00 banner like e.g.

HPE Data Protector A.09.00: INET, internal build 112, built on Wed 12 Oct 2016 04:54:19 AM CEST
HPE Data Protector A.09.09: INET, internal build 114, built on 28 March 2017, 23
HPE Data Protector A.09.09: INET, internal build 115, built on Tuesday, May 23
HP Data Protector A.09.00: INET, internal build 87, built on Monday, June 09, 2014, 7:46

https://www.shodan.io/search?query=Data+Protector+port%3A%225555%22

Do you have access to any information about a matching of the internal build number to a major release like 09.06 or 09.08?

If not then there is not that much what we could do here besides lowering the QoD value of all version-based NVTs to < 70%.

Attached Files:

Changes:

Field Old Value Date By
status_idOpen2017-09-28 13:47cfi
close_dateNone2017-09-28 13:47cfi
ResolutionAwaiting Response2017-09-28 13:47cfi
ResolutionNone2017-08-09 08:54cfi

This site is hosted by Intevation GmbH