Vul Scan - False Positives on Linux distros using Backport releases


Linux distributions that backport security and stability fixes into an existing package version may be reported by VulScan as still carrying the unpatched vulnerability.  The reason is that the externally visible fingerprint (the version string a service advertises on the network) does not change in all cases when a backported patch is applied.  For example, upstream OpenSSL 1.0.2k has over 140 known issues.  Once a backported distribution build such as OpenSSL 1.0.2k-25 is installed, the fingerprint still reports the original OpenSSL 1.0.2k version without the -25 release, so the scanner matches the device against the full upstream issue list.

This limitation may be addressed in a future release.  Until then we recommend treating VulScan results as an indicator of potential issues and investigating whether the flagged device is running backported updates.  These scenarios can produce false positives.
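One practical way to carry out that investigation is to compare what the scanner fingerprinted with what the host's package manager actually has installed. The following Python is an added example written for this article; it is not VulScan or Kaseya code. It assumes an RPM-based host (RHEL, CentOS), where `rpm -q openssl` prints the full package build including the distribution release and `rpm -q --changelog openssl` lists the CVEs each backported release fixed. The banner, package string and changelog text in the block are constructed sample inputs, the CVE IDs in them are placeholders rather than real advisories, and the three verdict labels are the example's own.

```python
"""Triage a fingerprint-based finding against the package actually installed.

Added example (not VulScan/Kaseya code).  Inputs that would normally come from
the scanner banner, `rpm -q <pkg>` and `rpm -q --changelog <pkg>` are
constructed samples with placeholder CVE IDs.
"""
import re
from typing import Dict, NamedTuple, Optional

# Apache-style banner on a RHEL/CentOS 7 host: the upstream version is visible,
# the distribution release (-25) is not.  (Constructed sample.)
SAMPLE_BANNER = "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips"

# What `rpm -q openssl` would print for the backported build.  (Constructed.)
SAMPLE_NEVRA = "1:openssl-1.0.2k-25.el7_9.x86_64"

# `rpm -q --changelog openssl` output, newest entry first.  The changelog of the
# installed package only contains the installed release and earlier ones, so
# every CVE named here is fixed on this host even though the banner still says
# 1.0.2k.  (Constructed; the CVE IDs are placeholders, not real advisories.)
SAMPLE_CHANGELOG = """\
* Mon Jan 01 2024 Example Maintainer <maint@example.invalid> 1.0.2k-25
- fix CVE-0000-0002 (placeholder)

* Mon Jan 01 2024 Example Maintainer <maint@example.invalid> 1.0.2k-24
- fix CVE-0000-0001 (placeholder)
"""

NEVRA_RE = re.compile(
    r"^(?:(?P<epoch>\d+):)?(?P<name>.+)-(?P<version>[^-]+)-(?P<release>[^-]+)\.(?P<arch>[^.]+)$"
)
BANNER_RE = re.compile(r"OpenSSL/(\d+\.\d+\.\d+[a-z]*)")
# Changelog header whose last token is the version-release of that entry.
CHANGELOG_HDR_RE = re.compile(r"^\* .*\s(\d\S*)\s*$")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)


class Package(NamedTuple):
    name: str
    version: str   # upstream version: the only part a banner normally exposes
    release: str   # distribution release: where backported fixes accumulate
    arch: str


def parse_nevra(nevra: str) -> Package:
    """Split [epoch:]name-version-release.arch as printed by `rpm -q`."""
    m = NEVRA_RE.match(nevra.strip())
    if not m:
        raise ValueError(f"not a NEVRA string: {nevra!r}")
    return Package(m["name"], m["version"], m["release"], m["arch"])


def banner_version(banner: str) -> Optional[str]:
    """Upstream OpenSSL version exactly as a fingerprinting scanner sees it."""
    m = BANNER_RE.search(banner)
    return m.group(1) if m else None


def cves_fixed_in_changelog(changelog: str) -> Dict[str, str]:
    """Map each CVE ID in the changelog to the version-release that names it."""
    fixed: Dict[str, str] = {}
    release = "unknown"
    for line in changelog.splitlines():
        if line.startswith("* "):                      # entry header
            hdr = CHANGELOG_HDR_RE.match(line)
            release = hdr.group(1) if hdr else "unknown"
            continue
        for cve in CVE_RE.findall(line):
            fixed.setdefault(cve.upper(), release)    # first (newest) mention wins
    return fixed


def triage(banner: str, cve: str, nevra: str, changelog: str) -> str:
    """Classify one finding: fixed by a backport, a stale banner, or still open."""
    pkg = parse_nevra(nevra)
    seen = banner_version(banner)
    fixed = cves_fixed_in_changelog(changelog)
    if cve.upper() in fixed:
        return f"fixed-by-backport in {pkg.name}-{fixed[cve.upper()]}"
    if seen != pkg.version:
        # Also worth checking that the service was restarted after the update:
        # a long-running process keeps the old library mapped until it restarts.
        return f"stale-fingerprint: banner {seen}, installed {pkg.version}-{pkg.release}"
    return "undetermined: banner matches installed version; check vendor errata/OVAL"


if __name__ == "__main__":
    for cve in ("CVE-0000-0002", "CVE-0000-0003"):
        print(cve, "->", triage(SAMPLE_BANNER, cve, SAMPLE_NEVRA, SAMPLE_CHANGELOG))
```

The "undetermined" verdict is the honest outcome for a CVE the changelog does not mention: the banner cannot distinguish a patched build from an unpatched one, so the vendor errata or OVAL data linked at the end of this article is the authoritative source for whether the installed release is affected.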

We have chosen not to exclude or disable these detections.  Instead, users can use the Mark False Positive flag to exclude specific OIDs or devices from the scan for a period of time.  Please see pages 35-36 of the Vul Scanner Quick Start Guide for instructions on how to do this.


Known False Positives from other Kaseya Products:

  • Unitrends Recovery Series appliances
    *Unitrends runs on CentOS, which is downstream from Red Hat. Any CVE or vulnerability follows the same guidance and backporting as Red Hat.

Helpful Links:

Tenable backport info: https://community.tenable.com/s/article/Apache-Vulnerabilities-and-Backported-Patching

Red Hat links to backporting:

https://access.redhat.com/security/updates/backporting

https://access.redhat.com/solutions/57665

Red Hat links to OVAL definitions:

https://access.redhat.com/security/data
