Thursday, January 29, 2015

Nessus and Backporting

Backporting is the practice of taking the fix for a security flaw from the most recent upstream version of a software package and applying it to an older version of that package, typically the version a Linux distribution ships and maintains. The result is called a backported version: the flaw is fixed, but the version number the service announces over the network (for example in an HTTP "Server" header) is not updated.

One technique used by vulnerability scanners is to detect the version a target application advertises and then list the published vulnerabilities known for that version. Against a backported package this produces reports of vulnerabilities that do not actually exist on the host, because they have already been patched. These are false positives.

Tenable Nessus ships a file called "backport.inc" that recognises version strings likely to belong to backported packages (for instance an Apache banner that also carries a distribution name). To avoid such false positives, Nessus does not, by default, report version-based vulnerabilities against a service whose version it has flagged as possibly backported; it only raises an informational finding noting the possible backport. This behaviour can be disabled by turning on paranoid mode: Policies -> Preferences -> Preference Type = Global variable settings -> Report paranoia: Paranoid (more false alarms). With paranoid mode on, Nessus reports everything the version match suggests, so expect false positives on distribution-maintained hosts and confirm each finding against the vendor's package changelog or with a credentialed scan.
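To make the trade-off concrete, here is an added example (my own code, not part of the original post and not Nessus's backport.inc) of a minimal version-based check with the same two modes. The banner strings, the distribution tokens used to guess backporting, and the "fixed in 2.2.20" flaw threshold are all constructed for illustration and do not correspond to a real advisory; the point is the decision logic, not the data.

```python
import re

# Constructed flaw table: (label, first upstream version that carries the fix).
# The label and threshold are placeholders, not a real advisory.
FLAWS = [
    ("example-flaw-fixed-in-2.2.20", (2, 2, 20)),
]

# Banner fragments that suggest a distribution which backports fixes without
# bumping the advertised version. Illustrative list, not Nessus's own data.
BACKPORT_TOKENS = ("CentOS", "Red Hat", "Debian", "Ubuntu", "SUSE")

# Matches the product/version part of an Apache Server header, e.g. "Apache/2.2.15".
VERSION_RE = re.compile(r"Apache/(\d+)\.(\d+)\.(\d+)")


def parse_version(banner):
    """Return the advertised Apache version as an (x, y, z) tuple, or None."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    return tuple(int(part) for part in m.groups())


def looks_backported(banner):
    """Heuristic: a distribution name in the banner means fixes may be backported."""
    return any(token in banner for token in BACKPORT_TOKENS)


def assess(banner, paranoid=False):
    """Return (findings, note) for a Server banner.

    Default mode mirrors Nessus's behaviour described above: if the banner looks
    backported, version-based findings are suppressed and only a note is returned.
    Paranoid mode reports every version match and accepts the false positives.
    """
    version = parse_version(banner)
    if version is None:
        return [], "version not detected; no version-based checks possible"

    if looks_backported(banner) and not paranoid:
        return [], ("possible backported version; version-based findings "
                    "suppressed (enable paranoid mode to report them)")

    findings = [label for label, fixed_in in FLAWS if version < fixed_in]
    note = "version-based match" + (" (paranoid mode)" if paranoid else "")
    return findings, note


if __name__ == "__main__":
    # Constructed sample banners: a distribution build and a plain upstream build.
    for banner in ("Apache/2.2.15 (CentOS)", "Apache/2.2.15 (Unix)", "Apache/2.2.22 (Unix)"):
        for paranoid in (False, True):
            findings, note = assess(banner, paranoid=paranoid)
            print(f"{banner!r:28} paranoid={paranoid!s:5} -> {findings} [{note}]")
```

Run as-is to see that the same "Apache/2.2.15" banner is reported on the plain upstream build, suppressed on the CentOS build by default, and reported on the CentOS build only in paranoid mode. Whichever mode you scan in, the authoritative answer on a distribution-maintained host comes from the package itself, not the banner: on an RPM-based system, `rpm -q --changelog httpd` lists the security fixes the vendor applied, which is what a credentialed scan effectively checks.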


Below is how Nessus reports a possible backported Apache version (screenshot in the original post):





