Tag Name "operating-system" load into DB issue about risu HOT 7 CLOSED

It wiped out my Nessus xml tags, let's try this again without tag delimiters:

tag name="system-type" ->general-purpose
tag name="operating-system" ->Microsoft Windows Server 2003, Enterprise Edition (English)
tag name="MS11-056" ->2507938
tag name="MS11-054" ->2555917
tag name="mac-address" ->00:50:56:9d:4c:ef

from risu.

Thanks for the report. What version of Nessus did you use? I will test that and see if I can reproduce this

from risu.

I am using Nessus version 4.4.1 build 15078, web server version 2.4.14.

Thanks!

On Wed, Aug 10, 2011 at 2:26 PM, hammackj <
[email protected]>wrote:

Thanks for the report. What version of Nessus did you use? I will test that
and see if I can reproduce this

Reply to this email directly or view it on GitHub:
#38 (comment)

from risu.

Have you tried re-downloading the report from the Nessus gui? It looks like it may have been corrupt. I cannot recreate this yet.

from risu.

I tried a couple different reloads here.

1. Create new MySQL database
2. Create new tables
3. Load Nessus Data
   a) Use the previous .nessus report files (exported from Nessus web
   interface with only HIGH vulnerabilities)
   b) Create new .nessus report file with no filters

In both cases for #3), the hosts.os field is incorrect. It appears like it
takes the last field between the tag name operating-system and tag name
mac-address and sticks that in the hosts.os field. This is always a tag
name with an MS Security Bulletin. Some examples from the .nessus report
file below:

Fails

Microsoft Windows Server 2008 Service Pack
2
2507938
2555917
2525694 <- this tag gets put
in hosts.os field
00:xx:56:xx:xx:xx

Fails

Microsoft Windows XP Professional
(English)
2535512
2530548
2544521
2536276
2478663
2476490
2507938
2503665
2555917
2518864
2544893 <- this tag gets put
in hosts.os field
00:xx:56:xx:xx:xx

Works

Microsoft Windows Server 2003 Service Pack
2
00:xx:56:xx:xx:xx

Fails

Microsoft Windows Server 2008 R2 Standard
00:50:56:9c:00:44
2556532
2539636
2563894
2478663
2560656
2567680
2507938
2559049
2487367 <- this tag gets put
in hosts.mac field
172.16.5.91

Looks like it has something to do with those MS security bulletin tag
names. Looking at the code, do they not match and get put into the
@valid_ms_patches array?

Thanks for the help.
Steve

On Sat, Aug 13, 2011 at 6:46 PM, hammackj <
[email protected]>wrote:

Have you tried re-downloading the report from the Nessus gui? It looks like
it may have been corrupt. I cannot recreate this yet.

Reply to this email directly or view it on GitHub:
#38 (comment)

Cell: +1-317-840-9088
LinkedIn: http://www.linkedin.com/in/stevelodin
Twitter: http://twitter.com/stevelodin

from risu.

Looking into this will have a patch as soon as I can.

Sent from my Phone

On Aug 19, 2011, at 8:50 AM, stevelodin
[email protected]
wrote:

I tried a couple different reloads here.

1. Create new MySQL database
2. Create new tables
3. Load Nessus Data
   a) Use the previous .nessus report files (exported from Nessus web
   interface with only HIGH vulnerabilities)
   b) Create new .nessus report file with no filters

In both cases for #3), the hosts.os field is incorrect. It appears like it
takes the last field between the tag name operating-system and tag name
mac-address and sticks that in the hosts.os field. This is always a tag
name with an MS Security Bulletin. Some examples from the .nessus report
file below:

Fails

Microsoft Windows Server 2008 Service Pack
2
2507938
2555917
2525694 <- this tag gets put
in hosts.os field
00:xx:56:xx:xx:xx

Fails

Microsoft Windows XP Professional
(English)
2535512
2530548
2544521
2536276
2478663
2476490
2507938
2503665
2555917
2518864
2544893 <- this tag gets put
in hosts.os field
00:xx:56:xx:xx:xx

Works

Microsoft Windows Server 2003 Service Pack
2
00:xx:56:xx:xx:xx

Fails

Microsoft Windows Server 2008 R2 Standard
00:50:56:9c:00:44
2556532
2539636
2563894
2478663
2560656
2567680
2507938
2559049
2487367 <- this tag gets put
in hosts.mac field
172.16.5.91

Looks like it has something to do with those MS security bulletin tag
names. Looking at the code, do they not match and get put into the
@valid_ms_patches array?

Thanks for the help.
Steve

On Sat, Aug 13, 2011 at 6:46 PM, hammackj <
[email protected]>wrote:

Have you tried re-downloading the report from the Nessus gui? It looks like
it may have been corrupt. I cannot recreate this yet.

Reply to this email directly or view it on GitHub:
#38 (comment)

Cell: +1-317-840-9088
LinkedIn: http://www.linkedin.com/in/stevelodin
Twitter: http://twitter.com/stevelodin

Reply to this email directly or view it on GitHub:
#38 (comment)

from risu.

Can you me send your .nessus file, I cannot seem to recreate this by editing a .nessus file to be like that. I should have a fix soon. I have a hunch on what the issue is, just no way to test it.

from risu.