Discussion:
Meltdown & Spectre vulnerability plugins
(too old to reply)
Al-Dhalaan, Abdul
2018-01-09 03:07:21 UTC
Permalink
Hello,

Quick question, what’s the current state of scanning for Meltdown and Spectre in Openvas? Do we have plugins with a reliable detection rate for both Linux and windows based operating systems?

On a related note, I’ve been getting refused connections when attempting to search for plugins in http://plugins.openvas.org

Thanks,
Abdul
Christian Fischer
2018-01-09 07:21:39 UTC
Permalink
Hi,
Quick question, what’s the current state of scanning for Meltdown and Spectre in Openvas? Do we have plugins with a reliable detection rate for both Linux and windows based operating systems?
you can always go to SecInfo -> NVTs in your GSA or to [1] and input the
following CVEs into the filter to get a state of the Meltdown / Spectre
NVTs in your current feed version:

CVE-2017-5754 CVE-2017-5753 CVE-2017-5715

After the next update of the community feed you should get around 47
NVTs/LSCs handling those vulnerabilities. More NVTs/LSCs are added based
on the publishing time of vendor advisories.

Regards,

[1] https://secinfo.greenbone.net/omp?r=1&token=guest
--
Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
Greenbone Networks GmbH | http://greenbone.net
Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
Loading...