View Issue Details

IDProjectCategoryView StatusLast Update
0005797Kali Linux[All Projects] Tool Upgradepublic2020-05-27 17:04
Reporterpeerj Assigned Tosbrun  
PriorityhighSeverityfeatureReproducibilityalways
Status assignedResolutionopen 
Product Versionkali-dev 
Target VersionFixed in Version 
Summary0005797: OpenVAS Vulnerability Assessment System
DescriptionOpenVAS, the FLOSS successor to nessus, is maintained since years ago by a developer group at "greenbone", and they also maintain a (or the?) community and a community version, e.g. a VM made from the source code of the community version.

The OpenVAS Vulnerability Assessment System and the accompanying "greenbone security assistant" which are already in kali seem to be seriously out of sync with upstream.

I just installed Kali 2019.3 which upgraded itself quite naturally to 2019.4, but the OpenVAS/greenbone system is still 2 (!) major versions behind, if I read the data correctly.

Please integrate the current tool's versions available here: https://github.com/greenbone/
Steps To ReproduceInstall kali 2019.3 and apt dist-upgrade to 2019.4, then use the tool and check the versions against the current community edition.
Additional InformationThere are different and also improved tools which should be in kali, and they all have some version and are under developtment with a clean schedule, but for instance openvas-scanner my current kali rolling release 2019.4 is 5.1.3-2, while the released current version at https://github.com/greenbone/openvas is 7.0.0!

Relationships

has duplicate 0005755 closedsbrun OpenVAS + Greenbone Vulnerability Management new stable 
has duplicate 0006405 closedrhertzog Report outdated / end-of-life Scan Engine / Environment (local) 

Activities

peerj

2019-11-19 12:27

reporter   ~0011327

This might be useful to integrate new versions into kali rolling:
https://community.greenbone.net/t/gvm-11-stable-initial-release-2019-10-14/3674

Beyond OpenVAS itself, I suppose it's a good idea to include the complete "GVM 11" release of the "Greenbone Source Edition (GSE)" into kali, as the "GVM" seems to be a renamed thing formerly known as "GSA", included in current kali 2019.4 as gsad (available on the CLI, that is, and used when starting OpenVAS in kali from the Applications menu).

As far as I can see, these tools look like extremely important tools for the whole pentesting ecosystem and greenbone seems to be very actively developing these tools.

peerj

2019-11-19 13:04

reporter   ~0011328

This might also be useful: https://community.greenbone.net/t/which-gvm-variant-is-kali-shipping/2642
and this: https://community.greenbone.net/t/about-the-greenbone-source-edition-gse-category/176

The updated tutorial https://www.kali.org/tutorials/configuring-and-tuning-openvas-in-kali-linux/also from 2017 looks quite old now, 2 years seem like approaching eternity in InfoSec.

The community forum the upstream coordinates looks welcoming and helpful and might give advice if running into packaging difficulties.

The newer versions seem to have updated protocols and new facilities for easier integration of remote sensors.
The name changes might actually help in case you want to offer the "legacy" OpenVAS besides the newer, better tools without packaging conflicts and help people in transitioning custom scripts they might use.

sbrun

2019-11-19 14:30

manager   ~0011330

Thanks for your report. We started to work on the update.

kali-bugreport

2020-01-26 08:32

reporter   ~0011961

Note that an update of the manager database from GVM-9 (previously OpenVAS 9) currently shipped in Kali to the most recent version GVM-11 isn't directly possible:

https://community.greenbone.net/t/change-in-gvmd-migration-support/1770

and first need an intermediate step to GVM-10.

This might be interesting concerning the required GVM parts and their setup:

https://sadsloth.net/post/install-gvm11-src_part1/

pleontios

2020-05-23 11:59

reporter   ~0012826

Is there an estimate on when KALI is about to update its distribution to include the last version of the scanner?

kennikvik

2020-05-25 11:26

reporter   ~0012834

When can we expect an update of the openvas scanner, the error has been there for some time now !

kali-bugreport

2020-05-25 12:10

reporter   ~0012835

0006405:0012831:

> OpenVAS is packaged in the pkg-security team in Debian (we are involved in that team). Some OpenVAS components changed a lot and are hard to package properly. We don't have any ETA currently.

ghostpapper

2020-05-27 17:04

reporter   ~0012844

Do you have any predictions for GVM11 no kali? I'm having problems with openvas, all reports are returning this message that is attached.
-------------------------------------------------------------------------

High (CVSS: 10.0)
NVT: Report outdated / end-of-life Scan Engine / Environment (local)
Summary
This script checks and reports an outdated or end-of-life scan engine for the following environ-
ments:
- Greenbone Source Edition (GSE)
- Greenbone Community Edition (GCE)
. . . continues on next page . . .
2 RESULTS PER HOST 3
. . . continued from previous page . . .
used for this scan.
NOTE: While this is not, in and of itself, a security vulnerability, a severity is reported to make
you aware of a possible decreased scan coverage or missing detection of vulnerabilities on the
target due to e.g.:
- missing functionalities
- missing bugxes
- incompatibilities within the feed.
Vulnerability Detection Result
Installed GVM Libraries (gvm-libs) version: 9.0.3
Latest available GVM Libraries (gvm-libs) version: 10.0.1
Reference URL(s) for the latest available version: https://community.greenbone.n
,!et/t/gvm-11-stable-initial-release-2019-10-14/3674 / https://community.greenbo
,!ne.net/t/gvm-10-old-stable-initial-release-2019-04-05/208
Solution
Solution type: VendorFix
Update to the latest available stable release for your scan environment. Please check the refer-
ences for more information. If you're using packages provided by your Linux distribution please
contact the maintainer of the used distribution / repository and request updated packages.
If you want to accept the risk of a possible decreased scan coverage or missing detection of
vulnerabilities on the target you can set a global override for this script as described in the
linked manuals.
Vulnerability Detection Method
Details: Report outdated / end-of-life Scan Engine / Environment (local)
OID:1.3.6.1.4.1.25623.1.0.108560
Version used: 2020-05-12T05:51:55+0000
References
Other:
URL:https://www.greenbone.net/en/install_use_gce/
URL:https://community.greenbone.net/t/gvm-9-end-of-life-initial-release-2017-
,!03-07/211
URL:https://community.greenbone.net/t/gvm-10-old-stable-initial-release-2019-
,!04-05/208
URL:https://community.greenbone.net/t/gvm-11-stable-initial-release-2019-10-1
,!4/3674
URL:https://docs.greenbone.net/GSM-Manual/gos-4/en/reports.html#creating-an-o
,!verride
URL:https://docs.greenbone.net/GSM-Manual/gos-5/en/reports.html#creating-an-o
,!verride
URL:https://docs.greenbone.net/GSM-Manual/gos-6/en/reports.html#creating-an-o
,!verride

Issue History

Date Modified Username Field Change
2019-11-18 18:56 peerj New Issue
2019-11-18 18:56 peerj Status new => assigned
2019-11-18 18:56 peerj Assigned To => sbrun
2019-11-19 12:27 peerj Note Added: 0011327
2019-11-19 13:04 peerj Note Added: 0011328
2019-11-19 14:30 sbrun Note Added: 0011330
2019-11-25 13:34 sbrun Relationship added has duplicate 0005755
2020-01-26 08:32 kali-bugreport Note Added: 0011961
2020-05-23 11:59 pleontios Note Added: 0012826
2020-05-24 19:18 rhertzog Relationship added has duplicate 0006405
2020-05-25 11:26 kennikvik Note Added: 0012834
2020-05-25 12:10 kali-bugreport Note Added: 0012835
2020-05-27 17:04 ghostpapper Note Added: 0012844