View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0005797||Kali Linux||[All Projects] Tool Upgrade||public||2019-11-18 18:56||2020-08-18 21:27|
|Target Version||Fixed in Version|
|Summary||0005797: OpenVAS Vulnerability Assessment System|
|Description||OpenVAS, the FLOSS successor to nessus, is maintained since years ago by a developer group at "greenbone", and they also maintain a (or the?) community and a community version, e.g. a VM made from the source code of the community version.|
The OpenVAS Vulnerability Assessment System and the accompanying "greenbone security assistant" which are already in kali seem to be seriously out of sync with upstream.
I just installed Kali 2019.3 which upgraded itself quite naturally to 2019.4, but the OpenVAS/greenbone system is still 2 (!) major versions behind, if I read the data correctly.
Please integrate the current tool's versions available here: https://github.com/greenbone/
|Steps To Reproduce||Install kali 2019.3 and apt dist-upgrade to 2019.4, then use the tool and check the versions against the current community edition.|
|Additional Information||There are different and also improved tools which should be in kali, and they all have some version and are under developtment with a clean schedule, but for instance openvas-scanner my current kali rolling release 2019.4 is 5.1.3-2, while the released current version at https://github.com/greenbone/openvas is 7.0.0!|
|has duplicate||0005755||closed||sbrun||OpenVAS + Greenbone Vulnerability Management new stable|
|has duplicate||0006405||closed||rhertzog||Report outdated / end-of-life Scan Engine / Environment (local)|
|has duplicate||0006396||closed||sbrun||Greenbone Vulnerability Management version 11|
|has duplicate||0006423||closed||sbrun||Openvas: Greenbone is outdated|
This might be useful to integrate new versions into kali rolling:
Beyond OpenVAS itself, I suppose it's a good idea to include the complete "GVM 11" release of the "Greenbone Source Edition (GSE)" into kali, as the "GVM" seems to be a renamed thing formerly known as "GSA", included in current kali 2019.4 as gsad (available on the CLI, that is, and used when starting OpenVAS in kali from the Applications menu).
As far as I can see, these tools look like extremely important tools for the whole pentesting ecosystem and greenbone seems to be very actively developing these tools.
This might also be useful: https://community.greenbone.net/t/which-gvm-variant-is-kali-shipping/2642
and this: https://community.greenbone.net/t/about-the-greenbone-source-edition-gse-category/176
The updated tutorial https://www.kali.org/tutorials/configuring-and-tuning-openvas-in-kali-linux/also from 2017 looks quite old now, 2 years seem like approaching eternity in InfoSec.
The community forum the upstream coordinates looks welcoming and helpful and might give advice if running into packaging difficulties.
The newer versions seem to have updated protocols and new facilities for easier integration of remote sensors.
The name changes might actually help in case you want to offer the "legacy" OpenVAS besides the newer, better tools without packaging conflicts and help people in transitioning custom scripts they might use.
||Thanks for your report. We started to work on the update.|
Note that an update of the manager database from GVM-9 (previously OpenVAS 9) currently shipped in Kali to the most recent version GVM-11 isn't directly possible:
and first need an intermediate step to GVM-10.
This might be interesting concerning the required GVM parts and their setup:
||Is there an estimate on when KALI is about to update its distribution to include the last version of the scanner?|
||When can we expect an update of the openvas scanner, the error has been there for some time now !|
> OpenVAS is packaged in the pkg-security team in Debian (we are involved in that team). Some OpenVAS components changed a lot and are hard to package properly. We don't have any ETA currently.
Do you have any predictions for GVM11 no kali? I'm having problems with openvas, all reports are returning this message that is attached.
High (CVSS: 10.0)
NVT: Report outdated / end-of-life Scan Engine / Environment (local)
This script checks and reports an outdated or end-of-life scan engine for the following environ-
- Greenbone Source Edition (GSE)
- Greenbone Community Edition (GCE)
. . . continues on next page . . .
2 RESULTS PER HOST 3
. . . continued from previous page . . .
used for this scan.
NOTE: While this is not, in and of itself, a security vulnerability, a severity is reported to make
you aware of a possible decreased scan coverage or missing detection of vulnerabilities on the
target due to e.g.:
- missing functionalities
- missing bugxes
- incompatibilities within the feed.
Vulnerability Detection Result
Installed GVM Libraries (gvm-libs) version: 9.0.3
Latest available GVM Libraries (gvm-libs) version: 10.0.1
Reference URL(s) for the latest available version: https://community.greenbone.n
,!et/t/gvm-11-stable-initial-release-2019-10-14/3674 / https://community.greenbo
Solution type: VendorFix
Update to the latest available stable release for your scan environment. Please check the refer-
ences for more information. If you're using packages provided by your Linux distribution please
contact the maintainer of the used distribution / repository and request updated packages.
If you want to accept the risk of a possible decreased scan coverage or missing detection of
vulnerabilities on the target you can set a global override for this script as described in the
Vulnerability Detection Method
Details: Report outdated / end-of-life Scan Engine / Environment (local)
Version used: 2020-05-12T05:51:55+0000
A version of gvm 11 will be available in kali-dev: version 11.0.1~kali4 (available probably tomorrow after synchronization of mirrors).
WARNING: work is in progress. If you use it you may experiment issues especially if you already
have openvas 9 installed (you may lose your data, ...). A README.Debian documents the upgrade
but it has not been fully tested yet.
To try it you will need to add kali-dev in the sources list.
And install gvm
The scripts are not available via the Kali menu for the moment.
You can run them in a shell:
||already I can install by apt in kali 2020-2?|
Hello Sbrun, Good Morning.
First thanks for the feedback and alignment about this issue (in progress).
I have a plan to update my GVM9 to GVM11 only when the package will be on official Kali's mirror. Because until now my master and slave scanners are working correctly.
My question: Do you have a target date to finish your tests and adjust last features on dev environment?and a target date to put it into production?
I am waiting your answer and have an excellend week.
The remaining issues are for the upgrade: upstream doesn't officially support to bump from openvas 9 to gvm 11.
So we are trying to find a workaround if possible.
I'm working with the Debian maintainer to update the packages. We have no target date but I think it will be before end of july.
Thanks for your alignment.
yes. I can imagive that is a hard task find a workaround if possible.
For now, I am waiting the packages until end of July, and after that I can make my tests (on my environment), and I will give you an feedback if working properly or not.
Have an excellent weekend.
||Has Duplicate: Issue ??????|
new package gvm version 11.0.1~kali6 is in kali-rolling.
it replaces openvas
|2019-11-18 18:56||peerj||New Issue|
|2019-11-18 18:56||peerj||Status||new => assigned|
|2019-11-18 18:56||peerj||Assigned To||=> sbrun|
|2019-11-19 12:27||peerj||Note Added: 0011327|
|2019-11-19 13:04||peerj||Note Added: 0011328|
|2019-11-19 14:30||sbrun||Note Added: 0011330|
|2019-11-25 13:34||sbrun||Relationship added||has duplicate 0005755|
|2020-01-26 08:32||kali-bugreport||Note Added: 0011961|
|2020-05-23 11:59||pleontios||Note Added: 0012826|
|2020-05-24 19:18||rhertzog||Relationship added||has duplicate 0006405|
|2020-05-25 11:26||kennikvik||Note Added: 0012834|
|2020-05-25 12:10||kali-bugreport||Note Added: 0012835|
|2020-05-27 17:04||ghostpapper||Note Added: 0012844|
|2020-06-09 12:45||sbrun||Relationship added||has duplicate 0006396|
|2020-06-23 08:44||sbrun||Relationship added||has duplicate 0006423|
|2020-06-26 15:26||sbrun||Note Added: 0012997|
|2020-06-29 17:47||ghostpapper||Note Added: 0013033|
|2020-07-01 09:44||alara||Note Added: 0013043|
|2020-07-03 12:52||sbrun||Note Added: 0013047|
|2020-07-03 13:00||alara||Note Added: 0013048|
|2020-07-05 16:45||watch||Note Added: 0013053|
|2020-07-31 08:25||sbrun||Status||assigned => resolved|
|2020-07-31 08:25||sbrun||Resolution||open => fixed|
|2020-07-31 08:25||sbrun||Note Added: 0013157|