View Issue Details

IDProjectCategoryView StatusLast Update
0005797Kali Linux[All Projects] Tool Upgradepublic2020-12-01 10:48
Reporterpeerj Assigned Tosbrun  
PrioritynormalSeverityfeatureReproducibilityalways
Status resolvedResolutionfixed 
Product Versionkali-dev 
Target VersionFixed in Version 
Summary0005797: OpenVAS Vulnerability Assessment System
DescriptionOpenVAS, the FLOSS successor to nessus, is maintained since years ago by a developer group at "greenbone", and they also maintain a (or the?) community and a community version, e.g. a VM made from the source code of the community version.

The OpenVAS Vulnerability Assessment System and the accompanying "greenbone security assistant" which are already in kali seem to be seriously out of sync with upstream.

I just installed Kali 2019.3 which upgraded itself quite naturally to 2019.4, but the OpenVAS/greenbone system is still 2 (!) major versions behind, if I read the data correctly.

Please integrate the current tool's versions available here: https://github.com/greenbone/
Steps To ReproduceInstall kali 2019.3 and apt dist-upgrade to 2019.4, then use the tool and check the versions against the current community edition.
Additional InformationThere are different and also improved tools which should be in kali, and they all have some version and are under developtment with a clean schedule, but for instance openvas-scanner my current kali rolling release 2019.4 is 5.1.3-2, while the released current version at https://github.com/greenbone/openvas is 7.0.0!

Relationships

has duplicate 0005755 closedsbrun OpenVAS + Greenbone Vulnerability Management new stable 
has duplicate 0006405 closedrhertzog Report outdated / end-of-life Scan Engine / Environment (local) 
has duplicate 0006396 closedsbrun Greenbone Vulnerability Management version 11 
has duplicate 0006423 closedsbrun Openvas: Greenbone is outdated 

Activities

peerj

2019-11-19 12:27

reporter   ~0011327

This might be useful to integrate new versions into kali rolling:
https://community.greenbone.net/t/gvm-11-stable-initial-release-2019-10-14/3674

Beyond OpenVAS itself, I suppose it's a good idea to include the complete "GVM 11" release of the "Greenbone Source Edition (GSE)" into kali, as the "GVM" seems to be a renamed thing formerly known as "GSA", included in current kali 2019.4 as gsad (available on the CLI, that is, and used when starting OpenVAS in kali from the Applications menu).

As far as I can see, these tools look like extremely important tools for the whole pentesting ecosystem and greenbone seems to be very actively developing these tools.

peerj

2019-11-19 13:04

reporter   ~0011328

This might also be useful: https://community.greenbone.net/t/which-gvm-variant-is-kali-shipping/2642
and this: https://community.greenbone.net/t/about-the-greenbone-source-edition-gse-category/176

The updated tutorial https://www.kali.org/tutorials/configuring-and-tuning-openvas-in-kali-linux/also from 2017 looks quite old now, 2 years seem like approaching eternity in InfoSec.

The community forum the upstream coordinates looks welcoming and helpful and might give advice if running into packaging difficulties.

The newer versions seem to have updated protocols and new facilities for easier integration of remote sensors.
The name changes might actually help in case you want to offer the "legacy" OpenVAS besides the newer, better tools without packaging conflicts and help people in transitioning custom scripts they might use.

sbrun

2019-11-19 14:30

manager   ~0011330

Thanks for your report. We started to work on the update.

kali-bugreport

2020-01-26 08:32

reporter   ~0011961

Note that an update of the manager database from GVM-9 (previously OpenVAS 9) currently shipped in Kali to the most recent version GVM-11 isn't directly possible:

https://community.greenbone.net/t/change-in-gvmd-migration-support/1770

and first need an intermediate step to GVM-10.

This might be interesting concerning the required GVM parts and their setup:

https://sadsloth.net/post/install-gvm11-src_part1/

pleontios

2020-05-23 11:59

reporter   ~0012826

Is there an estimate on when KALI is about to update its distribution to include the last version of the scanner?

kennikvik

2020-05-25 11:26

reporter   ~0012834

When can we expect an update of the openvas scanner, the error has been there for some time now !

kali-bugreport

2020-05-25 12:10

reporter   ~0012835

0006405:0012831:

> OpenVAS is packaged in the pkg-security team in Debian (we are involved in that team). Some OpenVAS components changed a lot and are hard to package properly. We don't have any ETA currently.

ghostpapper

2020-05-27 17:04

reporter   ~0012844

Do you have any predictions for GVM11 no kali? I'm having problems with openvas, all reports are returning this message that is attached.
-------------------------------------------------------------------------

High (CVSS: 10.0)
NVT: Report outdated / end-of-life Scan Engine / Environment (local)
Summary
This script checks and reports an outdated or end-of-life scan engine for the following environ-
ments:
- Greenbone Source Edition (GSE)
- Greenbone Community Edition (GCE)
. . . continues on next page . . .
2 RESULTS PER HOST 3
. . . continued from previous page . . .
used for this scan.
NOTE: While this is not, in and of itself, a security vulnerability, a severity is reported to make
you aware of a possible decreased scan coverage or missing detection of vulnerabilities on the
target due to e.g.:
- missing functionalities
- missing bugxes
- incompatibilities within the feed.
Vulnerability Detection Result
Installed GVM Libraries (gvm-libs) version: 9.0.3
Latest available GVM Libraries (gvm-libs) version: 10.0.1
Reference URL(s) for the latest available version: https://community.greenbone.n
,!et/t/gvm-11-stable-initial-release-2019-10-14/3674 / https://community.greenbo
,!ne.net/t/gvm-10-old-stable-initial-release-2019-04-05/208
Solution
Solution type: VendorFix
Update to the latest available stable release for your scan environment. Please check the refer-
ences for more information. If you're using packages provided by your Linux distribution please
contact the maintainer of the used distribution / repository and request updated packages.
If you want to accept the risk of a possible decreased scan coverage or missing detection of
vulnerabilities on the target you can set a global override for this script as described in the
linked manuals.
Vulnerability Detection Method
Details: Report outdated / end-of-life Scan Engine / Environment (local)
OID:1.3.6.1.4.1.25623.1.0.108560
Version used: 2020-05-12T05:51:55+0000
References
Other:
URL:https://www.greenbone.net/en/install_use_gce/
URL:https://community.greenbone.net/t/gvm-9-end-of-life-initial-release-2017-
,!03-07/211
URL:https://community.greenbone.net/t/gvm-10-old-stable-initial-release-2019-
,!04-05/208
URL:https://community.greenbone.net/t/gvm-11-stable-initial-release-2019-10-1
,!4/3674
URL:https://docs.greenbone.net/GSM-Manual/gos-4/en/reports.html#creating-an-o
,!verride
URL:https://docs.greenbone.net/GSM-Manual/gos-5/en/reports.html#creating-an-o
,!verride
URL:https://docs.greenbone.net/GSM-Manual/gos-6/en/reports.html#creating-an-o
,!verride

sbrun

2020-06-26 15:26

manager   ~0012997

A version of gvm 11 will be available in kali-dev: version 11.0.1~kali4 (available probably tomorrow after synchronization of mirrors).

WARNING: work is in progress. If you use it you may experiment issues especially if you already
have openvas 9 installed (you may lose your data, ...). A README.Debian documents the upgrade
but it has not been fully tested yet.

To try it you will need to add kali-dev in the sources list.
And install gvm

The scripts are not available via the Kali menu for the moment.
You can run them in a shell:
gvm-setup
gvm-start
gvm-stop

ghostpapper

2020-06-29 17:47

reporter   ~0013033

already I can install by apt in kali 2020-2?

alara

2020-07-01 09:44

reporter   ~0013043

Hello Sbrun, Good Morning.

First thanks for the feedback and alignment about this issue (in progress).

I have a plan to update my GVM9 to GVM11 only when the package will be on official Kali's mirror. Because until now my master and slave scanners are working correctly.

My question: Do you have a target date to finish your tests and adjust last features on dev environment?and a target date to put it into production?

I am waiting your answer and have an excellend week.

Alisson Lara

sbrun

2020-07-03 12:52

manager   ~0013047

The remaining issues are for the upgrade: upstream doesn't officially support to bump from openvas 9 to gvm 11.
So we are trying to find a workaround if possible.
I'm working with the Debian maintainer to update the packages. We have no target date but I think it will be before end of july.

alara

2020-07-03 13:00

reporter   ~0013048

Hi Sbrun.

Thanks for your alignment.

yes. I can imagive that is a hard task find a workaround if possible.

For now, I am waiting the packages until end of July, and after that I can make my tests (on my environment), and I will give you an feedback if working properly or not.

Have an excellent weekend.

Alisson Lara

watch

2020-07-05 16:45

reporter   ~0013053

Has Duplicate: Issue ??????

sbrun

2020-07-31 08:25

manager   ~0013157

new package gvm version 11.0.1~kali6 is in kali-rolling.
it replaces openvas

Issue History

Date Modified Username Field Change
2019-11-18 18:56 peerj New Issue
2019-11-18 18:56 peerj Status new => assigned
2019-11-18 18:56 peerj Assigned To => sbrun
2019-11-19 12:27 peerj Note Added: 0011327
2019-11-19 13:04 peerj Note Added: 0011328
2019-11-19 14:30 sbrun Note Added: 0011330
2019-11-25 13:34 sbrun Relationship added has duplicate 0005755
2020-01-26 08:32 kali-bugreport Note Added: 0011961
2020-05-23 11:59 pleontios Note Added: 0012826
2020-05-24 19:18 rhertzog Relationship added has duplicate 0006405
2020-05-25 11:26 kennikvik Note Added: 0012834
2020-05-25 12:10 kali-bugreport Note Added: 0012835
2020-05-27 17:04 ghostpapper Note Added: 0012844
2020-06-09 12:45 sbrun Relationship added has duplicate 0006396
2020-06-23 08:44 sbrun Relationship added has duplicate 0006423
2020-06-26 15:26 sbrun Note Added: 0012997
2020-06-29 17:47 ghostpapper Note Added: 0013033
2020-07-01 09:44 alara Note Added: 0013043
2020-07-03 12:52 sbrun Note Added: 0013047
2020-07-03 13:00 alara Note Added: 0013048
2020-07-05 16:45 watch Note Added: 0013053
2020-07-31 08:25 sbrun Status assigned => resolved
2020-07-31 08:25 sbrun Resolution open => fixed
2020-07-31 08:25 sbrun Note Added: 0013157
2020-12-01 10:48 g0tmi1k Priority high => normal