No detection of missing Windows Security Patches

bellum · September 19, 2023, 2:56pm

No problem, I appreciate your help - now the command works but I don’t get any output, though I’ve applied your patch to the .nasl file …

root@vmgreenbone:/var/lib/openvas/plugins# openvas-nasl -t 10.10.10.10 -X -B -i /var/lib/openvas/plugins/ --kb="SMB/login_filled/0=myScanUser" --kb="SMB/password_filled/0=myPassword" --kb="SMB/domain_filled/0=myDomain" logins.nasl smb_login.nasl smb_registry_access.nasl smb_reg_service_pack.nasl /var/lib/openvas/plugins/2023/microsoft/gb_ms_kb5026361.nasl
root@vmgreenbone:/var/lib/openvas/plugins#

Do I have to enable the display statements in the .nasl file somewhere else?

bellum · September 19, 2023, 3:37pm

I found out (by setting a display statement at the very beginning of gb_ms_kb5026361.nasl) that gb_ms_kb5026361.nasl is executed but doesn’t pass the

if(hotfix_check_sp(win10:1, win10x64:1) <= 0){
  exit(0);

statement.

Could you please post the full prompt with all expanded aliases and options which gave you the mentioned output when you tested it?

Thank you very much.

cfi · September 19, 2023, 3:50pm

Ah, not fully sure anymore but this could also depend on the scanner setting here:

$ openvas -s | grep "unscanned_closed "
unscanned_closed = no

IIRC this is usually set to “yes” and adding this to the following file (if the file doesn’t exist it can be created) could make it to work:

$ openvas -s | grep "config_file"
config_file = /path/to/etc/openvas/openvas.conf

bellum · September 19, 2023, 3:58pm

Setting unscanned_closed = no in /etc/openvas/openvas.conf did the trick.

Now I see the same output as in your test and I can investigate further …

Thank you very much!

bellum · September 20, 2023, 3:27pm

I’ve tracked this down and found out that this isn’t an environmental issue but instead an issue with the PE header scanning in the function GetVer of secpod_smb_func.inc

This function seems to scan the PE header of the given file for the resource section for the version number in multiple iterations.

But the different Windows Versions seems to have different sizes of the PE header and it turned out that the value max_recurs = 22; in line 635 of secpod_smb_func.inc is enough for Windows 8.1 but to low for Windows 10 and later (see below)

max_recurs = 22, Windows 8.1

It was possible to log into the remote host using the SMB protocol.
Windows 8.1 Pro 6.3 is installed with Service Pack 0
lib  nasl-Message: 16:51:25.548: * DEBUG * test-fetch_file_version.nasl * calling fetch_file_version *
lib  nasl-Message: 16:51:25.548: * DEBUG * secpod_smb_func.inc * fetch_file_version * start *
lib  nasl-Message: 16:51:25.548: * DEBUG * secpod_smb_func.inc * fetch_file_version * kb_proxy_file * SMB//fetch_file_version//c:\windows\system32//ntoskrnl.exe
lib  nasl-Message: 16:51:25.549: * DEBUG * secpod_smb_func.inc * fetch_file_version * share * c$
lib  nasl-Message: 16:51:25.549: * DEBUG * secpod_smb_func.inc * fetch_file_version * file * \windows\system32\ntoskrnl.exe
lib  nasl-Message: 16:51:25.549: * DEBUG * secpod_smb_func.inc * GetVer * start *
lib  nasl-Message: 16:51:25.549: * DEBUG * secpod_smb_func.inc * GetVer * file* \windows\system32\ntoskrnl.exe
lib  nasl-Message: 16:51:25.549: * DEBUG * secpod_smb_func.inc * GetVer * share * c$
lib  nasl-Message: 16:51:25.549: * DEBUG * secpod_smb_func.inc * GetVer * prodvers *
lib  nasl-Message: 16:51:25.567: * DEBUG * secpod_smb_func.inc * GetVer * pe_offset * 264
lib  nasl-Message: 16:51:25.601: * DEBUG * secpod_smb_func.inc * GetVer * sections_cnt * 24
lib  nasl-Message: 16:51:25.618: * DEBUG * secpod_smb_func.inc * GetVer * section_offset * 528
lib  nasl-Message: 16:51:25.618: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 0
lib  nasl-Message: 16:51:25.638: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * .text.....(.......(................. ..h
lib  nasl-Message: 16:51:25.638: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 1
lib  nasl-Message: 16:51:25.659: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * KVASCODE. ....(.."....(............. ..h
lib  nasl-Message: 16:51:25.659: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 2
lib  nasl-Message: 16:51:25.676: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * POOLCODE.#....(..$....(............. ..h
lib  nasl-Message: 16:51:25.676: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 3
lib  nasl-Message: 16:51:25.694: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * INITDATA......).........................
lib  nasl-Message: 16:51:25.694: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 4
lib  nasl-Message: 16:51:25.712: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * ALMOSTRO......).........................
lib  nasl-Message: 16:51:25.712: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 5
lib  nasl-Message: 16:51:25.729: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * .data....=... ).......(.............@...
lib  nasl-Message: 16:51:25.729: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 6
lib  nasl-Message: 16:51:25.747: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * .pdata.......`0.......).............@..H
lib  nasl-Message: 16:51:25.747: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 7
lib  nasl-Message: 16:51:25.766: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * .idata...%...@4..&...v-.............@..H
lib  nasl-Message: 16:51:25.767: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 8
lib  nasl-Message: 16:51:25.784: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * CACHEALI.q...p4..r....-.............@...
lib  nasl-Message: 16:51:25.784: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 9
lib  nasl-Message: 16:51:25.800: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * ALMOSTRO."....4..$..................@...
lib  nasl-Message: 16:51:25.800: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 10
lib  nasl-Message: 16:51:25.819: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * PAGELK....... 6......2/............. ..`
lib  nasl-Message: 16:51:25.819: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 11
lib  nasl-Message: 16:51:25.837: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * PAGE....N.-...7...-...0............. ..`
lib  nasl-Message: 16:51:25.837: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 12
lib  nasl-Message: 16:51:25.856: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * PAGEKD...D....e..F....^............. ..`
lib  nasl-Message: 16:51:25.856: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 13
lib  nasl-Message: 16:51:25.879: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * PAGEVRFY.~....e.......^............. ..`
lib  nasl-Message: 16:51:25.879: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 14
lib  nasl-Message: 16:51:25.902: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * PAGEHDLS.#...Ph..$...Na............. ..`
lib  nasl-Message: 16:51:25.902: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 15
lib  nasl-Message: 16:51:25.926: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * PAGEBGFX.c....h..d...ra............. ..`
lib  nasl-Message: 16:51:25.926: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 16
lib  nasl-Message: 16:51:25.947: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * PAGEVRFB.K....h.........................
lib  nasl-Message: 16:51:25.947: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 17
lib  nasl-Message: 16:51:25.967: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * .edata...6...@i..8....a.............@..@
lib  nasl-Message: 16:51:25.967: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 18
lib  nasl-Message: 16:51:25.987: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * PAGEDATAx.....j.......c.............@...
lib  nasl-Message: 16:51:25.987: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 19
lib  nasl-Message: 16:51:26.006: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * PAGEVRFD.....pk.......c.............@...
lib  nasl-Message: 16:51:26.006: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 20
lib  nasl-Message: 16:51:26.029: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * INITKDBG.....0l.......d............. ..j
lib  nasl-Message: 16:51:26.029: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 21
lib  nasl-Message: 16:51:26.047: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * INIT..........l......Re............. ...
lib  nasl-Message: 16:51:26.048: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 22
lib  nasl-Message: 16:51:26.066: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * .rsrc........pt.. ....l.............@..B
lib  nasl-Message: 16:51:26.066: * DEBUG * secpod_smb_func.inc * GetVer * .rsrc triggered *
lib  nasl-Message: 16:51:26.067: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 23
lib  nasl-Message: 16:51:26.085: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * .reloc...=....w..>....o.............@..B
lib  nasl-Message: 16:51:26.085: * DEBUG * secpod_smb_func.inc * GetVer * break max_recurs *
lib  nasl-Message: 16:51:26.085: * DEBUG * secpod_smb_func.inc * GetVer * rsrc_start * 7134720
lib  nasl-Message: 16:51:26.108: * DEBUG * secpod_smb_func.inc * GetVer * dir_data * ................
lib  nasl-Message: 16:51:26.263: * DEBUG * secpod_smb_func.inc * fetch_file_version * sysVer * 6.3.9600.19629
lib  nasl-Message: 16:51:26.264: * DEBUG * test-fetch_file_version.nasl * fileVer * 6.3.9600.19629
root@vmgreenbone:/var/lib/openvas/plugins#

max_recurs = 22, Windows 10

It was possible to log into the remote host using the SMB protocol.
Windows 10 Pro 6.3 (21H2) is installed with build number 19044
lib  nasl-Message: 16:52:06.796: * DEBUG * test-fetch_file_version.nasl * calling fetch_file_version *
lib  nasl-Message: 16:52:06.796: * DEBUG * secpod_smb_func.inc * fetch_file_version * start *
lib  nasl-Message: 16:52:06.796: * DEBUG * secpod_smb_func.inc * fetch_file_version * kb_proxy_file * SMB//fetch_file_version//c:\windows\system32//ntoskrnl.exe
lib  nasl-Message: 16:52:06.797: * DEBUG * secpod_smb_func.inc * fetch_file_version * share * c$
lib  nasl-Message: 16:52:06.797: * DEBUG * secpod_smb_func.inc * fetch_file_version * file * \windows\system32\ntoskrnl.exe
lib  nasl-Message: 16:52:06.797: * DEBUG * secpod_smb_func.inc * GetVer * start *
lib  nasl-Message: 16:52:06.797: * DEBUG * secpod_smb_func.inc * GetVer * file* \windows\system32\ntoskrnl.exe
lib  nasl-Message: 16:52:06.797: * DEBUG * secpod_smb_func.inc * GetVer * share * c$
lib  nasl-Message: 16:52:06.797: * DEBUG * secpod_smb_func.inc * GetVer * prodvers *
lib  nasl-Message: 16:52:06.818: * DEBUG * secpod_smb_func.inc * GetVer * pe_offset * 280
lib  nasl-Message: 16:52:06.874: * DEBUG * secpod_smb_func.inc * GetVer * sections_cnt * 33
lib  nasl-Message: 16:52:06.903: * DEBUG * secpod_smb_func.inc * GetVer * section_offset * 544
lib  nasl-Message: 16:52:06.903: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 0
lib  nasl-Message: 16:52:06.924: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * .rdata...{\u000c......|\u000c.................@..H
lib  nasl-Message: 16:52:06.924: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 1
lib  nasl-Message: 16:52:06.942: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * .pdata..0{....\u000c..|....\u000c.............@..H
lib  nasl-Message: 16:52:06.942: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 2
lib  nasl-Message: 16:52:06.962: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * .idata... ......."..................@..H
lib  nasl-Message: 16:52:06.962: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 3
lib  nasl-Message: 16:52:06.989: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * .edata..6....@......."..............@..@
lib  nasl-Message: 16:52:06.989: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 4
lib  nasl-Message: 16:52:07.007: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * PROTDATA............................@..H
lib  nasl-Message: 16:52:07.007: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 5
lib  nasl-Message: 16:52:07.026: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * GFIDS...............................@..B
lib  nasl-Message: 16:52:07.026: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 6
lib  nasl-Message: 16:52:07.044: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * Pad1......
..p.........................B
lib  nasl-Message: 16:52:07.044: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 7
lib  nasl-Message: 16:52:07.067: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * .text...Yh<... ..j<..>.............. ..h
lib  nasl-Message: 16:52:07.067: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 8
lib  nasl-Message: 16:52:07.091: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * PAGE....nH<..p\..J<...Q............. ..`
lib  nasl-Message: 16:52:07.091: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 9
lib  nasl-Message: 16:52:07.119: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * PAGELK...N.......P.................. ..`
lib  nasl-Message: 16:52:07.120: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 10
lib  nasl-Message: 16:52:07.143: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * POOLCODE.............B.............. ..h
lib  nasl-Message: 16:52:07.143: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 11
lib  nasl-Message: 16:52:07.165: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * PAGEKD...[... ...\...H.............. ..`
lib  nasl-Message: 16:52:07.165: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 12
lib  nasl-Message: 16:52:07.188: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * PAGEVRFY\u000c!.......".................. ..`
lib  nasl-Message: 16:52:07.188: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 13
lib  nasl-Message: 16:52:07.213: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * PAGEHDLS.%.......&.................. ..`
lib  nasl-Message: 16:52:07.213: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 14
lib  nasl-Message: 16:52:07.237: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * PAGEBGFX.i.......j.................. ..`
lib  nasl-Message: 16:52:07.237: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 15
lib  nasl-Message: 16:52:07.260: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * INITKDBG.....P.......V.............. ..h
lib  nasl-Message: 16:52:07.260: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 16
lib  nasl-Message: 16:52:07.283: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * TRACESUP[........................... ..h
lib  nasl-Message: 16:52:07.283: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 17
lib  nasl-Message: 16:52:07.304: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * KVASCODE.#.......$.................. ..h
lib  nasl-Message: 16:52:07.304: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 18
lib  nasl-Message: 16:52:07.328: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * RETPOL..@....@.......(.............. ..h
lib  nasl-Message: 16:52:07.328: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 19
lib  nasl-Message: 16:52:07.352: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * MINIEX...%...P...&...0.............. ..b
lib  nasl-Message: 16:52:07.352: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 20
lib  nasl-Message: 16:52:07.374: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * INIT.................V.............. ..b
lib  nasl-Message: 16:52:07.374: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 21
lib  nasl-Message: 16:52:07.399: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * Pad2.........0.........................b
lib  nasl-Message: 16:52:07.399: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 22
lib  nasl-Message: 16:52:07.421: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * .data............0..................@...
lib  nasl-Message: 16:52:07.421: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 23
lib  nasl-Message: 16:52:07.445: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * ALMOSTRO.r...........2..............@...
lib  nasl-Message: 16:52:07.445: * DEBUG * secpod_smb_func.inc * GetVer * break max_recurs *
lib  nasl-Message: 16:52:07.445: * DEBUG * secpod_smb_func.inc * GetVer * rsrc_start *
lib  nasl-Message: 16:52:07.445: * DEBUG * secpod_smb_func.inc * GetVer * rsrc_start return NULL *
lib  nasl-Message: 16:52:07.446: * DEBUG * secpod_smb_func.inc * fetch_file_version * sysVer *
lib  nasl-Message: 16:52:07.446: * DEBUG * test-fetch_file_version.nasl * fileVer * 0
root@vmgreenbone:/var/lib/openvas/plugins#

When increasing max_recurs = 32 the version is correctly detected in Windows 10 (see below), Windows Server 2019 and Windows Server 2022

max_recurs = 32, Windows 10

It was possible to log into the remote host using the SMB protocol.
Windows 10 Pro 6.3 (21H2) is installed with build number 19044
lib  nasl-Message: 16:53:51.139: * DEBUG * test-fetch_file_version.nasl * calling fetch_file_version *
lib  nasl-Message: 16:53:51.140: * DEBUG * secpod_smb_func.inc * fetch_file_version * start *
lib  nasl-Message: 16:53:51.140: * DEBUG * secpod_smb_func.inc * fetch_file_version * kb_proxy_file * SMB//fetch_file_version//c:\windows\system32//ntoskrnl.exe
lib  nasl-Message: 16:53:51.140: * DEBUG * secpod_smb_func.inc * fetch_file_version * share * c$
lib  nasl-Message: 16:53:51.140: * DEBUG * secpod_smb_func.inc * fetch_file_version * file * \windows\system32\ntoskrnl.exe
lib  nasl-Message: 16:53:51.140: * DEBUG * secpod_smb_func.inc * GetVer * start *
lib  nasl-Message: 16:53:51.140: * DEBUG * secpod_smb_func.inc * GetVer * file* \windows\system32\ntoskrnl.exe
lib  nasl-Message: 16:53:51.140: * DEBUG * secpod_smb_func.inc * GetVer * share * c$
lib  nasl-Message: 16:53:51.140: * DEBUG * secpod_smb_func.inc * GetVer * prodvers *
lib  nasl-Message: 16:53:51.162: * DEBUG * secpod_smb_func.inc * GetVer * pe_offset * 280
lib  nasl-Message: 16:53:51.210: * DEBUG * secpod_smb_func.inc * GetVer * sections_cnt * 33
lib  nasl-Message: 16:53:51.238: * DEBUG * secpod_smb_func.inc * GetVer * section_offset * 544
lib  nasl-Message: 16:53:51.239: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 0
lib  nasl-Message: 16:53:51.262: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * .rdata...{\u000c......|\u000c.................@..H
lib  nasl-Message: 16:53:51.262: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 1
lib  nasl-Message: 16:53:51.291: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * .pdata..0{....\u000c..|....\u000c.............@..H
lib  nasl-Message: 16:53:51.292: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 2
lib  nasl-Message: 16:53:51.316: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * .idata... ......."..................@..H
lib  nasl-Message: 16:53:51.316: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 3
lib  nasl-Message: 16:53:51.338: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * .edata..6....@......."..............@..@
lib  nasl-Message: 16:53:51.338: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 4
lib  nasl-Message: 16:53:51.367: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * PROTDATA............................@..H
lib  nasl-Message: 16:53:51.367: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 5
lib  nasl-Message: 16:53:51.390: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * GFIDS...............................@..B
lib  nasl-Message: 16:53:51.390: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 6
lib  nasl-Message: 16:53:51.415: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * Pad1......
..p.........................B
lib  nasl-Message: 16:53:51.415: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 7
lib  nasl-Message: 16:53:51.440: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * .text...Yh<... ..j<..>.............. ..h
lib  nasl-Message: 16:53:51.440: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 8
lib  nasl-Message: 16:53:51.466: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * PAGE....nH<..p\..J<...Q............. ..`
lib  nasl-Message: 16:53:51.466: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 9
lib  nasl-Message: 16:53:51.489: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * PAGELK...N.......P.................. ..`
lib  nasl-Message: 16:53:51.489: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 10
lib  nasl-Message: 16:53:51.513: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * POOLCODE.............B.............. ..h
lib  nasl-Message: 16:53:51.513: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 11
lib  nasl-Message: 16:53:51.535: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * PAGEKD...[... ...\...H.............. ..`
lib  nasl-Message: 16:53:51.535: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 12
lib  nasl-Message: 16:53:51.559: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * PAGEVRFY\u000c!.......".................. ..`
lib  nasl-Message: 16:53:51.559: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 13
lib  nasl-Message: 16:53:51.584: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * PAGEHDLS.%.......&.................. ..`
lib  nasl-Message: 16:53:51.585: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 14
lib  nasl-Message: 16:53:51.609: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * PAGEBGFX.i.......j.................. ..`
lib  nasl-Message: 16:53:51.609: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 15
lib  nasl-Message: 16:53:51.633: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * INITKDBG.....P.......V.............. ..h
lib  nasl-Message: 16:53:51.633: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 16
lib  nasl-Message: 16:53:51.656: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * TRACESUP[........................... ..h
lib  nasl-Message: 16:53:51.656: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 17
lib  nasl-Message: 16:53:51.679: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * KVASCODE.#.......$.................. ..h
lib  nasl-Message: 16:53:51.679: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 18
lib  nasl-Message: 16:53:51.705: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * RETPOL..@....@.......(.............. ..h
lib  nasl-Message: 16:53:51.705: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 19
lib  nasl-Message: 16:53:51.732: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * MINIEX...%...P...&...0.............. ..b
lib  nasl-Message: 16:53:51.732: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 20
lib  nasl-Message: 16:53:51.755: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * INIT.................V.............. ..b
lib  nasl-Message: 16:53:51.755: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 21
lib  nasl-Message: 16:53:51.775: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * Pad2.........0.........................b
lib  nasl-Message: 16:53:51.775: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 22
lib  nasl-Message: 16:53:51.799: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * .data............0..................@...
lib  nasl-Message: 16:53:51.799: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 23
lib  nasl-Message: 16:53:51.825: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * ALMOSTRO.r...........2..............@...
lib  nasl-Message: 16:53:51.825: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 24
lib  nasl-Message: 16:53:51.845: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * CACHEALI.....0.......F..............@...
lib  nasl-Message: 16:53:51.845: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 25
lib  nasl-Message: 16:53:51.863: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * PAGEDATAP!...........H..............@...
lib  nasl-Message: 16:53:51.863: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 26
lib  nasl-Message: 16:53:51.882: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * PAGEVRFD.]...........`..............@...
lib  nasl-Message: 16:53:51.882: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 27
lib  nasl-Message: 16:53:51.901: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * INITDATAD|...`...................... ...
lib  nasl-Message: 16:53:51.901: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 28
lib  nasl-Message: 16:53:51.920: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * Pad3.....     .............................
lib  nasl-Message: 16:53:51.920: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 29
lib  nasl-Message: 16:53:51.939: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * CFGRO...............................@...
lib  nasl-Message: 16:53:51.939: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 30
lib  nasl-Message: 16:53:51.958: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * Pad4......... ..........................
lib  nasl-Message: 16:53:51.958: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 31
lib  nasl-Message: 16:53:51.977: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * .rsrc...l...........................@..B
lib  nasl-Message: 16:53:51.977: * DEBUG * secpod_smb_func.inc * GetVer * .rsrc triggered *
lib  nasl-Message: 16:53:51.977: * DEBUG * secpod_smb_func.inc * GetVer * for iteratzion * 32
lib  nasl-Message: 16:53:52.002: * DEBUG * secpod_smb_func.inc * GetVer * sections_data * .reloc..............................@..B
lib  nasl-Message: 16:53:52.002: * DEBUG * secpod_smb_func.inc * GetVer * rsrc_start * 10552832
lib  nasl-Message: 16:53:52.028: * DEBUG * secpod_smb_func.inc * GetVer * dir_data * ................
lib  nasl-Message: 16:53:52.255: * DEBUG * secpod_smb_func.inc * fetch_file_version * sysVer * 10.0.19041.1526
lib  nasl-Message: 16:53:52.255: * DEBUG * test-fetch_file_version.nasl * fileVer * 10.0.19041.1526
root@vmgreenbone:/var/lib/openvas/plugins#

With max_recurs = 32 GVM now detects correctly missing Windows 10 Security Patches sucessfully in my environment …

I’m a bit surprised that no one else has discovered this before, especially as I assume that this should be the same in the enterprise edition/feed which is based on the community edition/feed …

Could you please verify and add this soon to the community feed so that I can use it with my docker environment?

Thank you very much.

cfi · September 20, 2023, 3:39pm

Thanks a lot for digging into this. Some team members of mine dug into this yesterday and today as well and came to the same conclusion (they used 30 instead of 32 though and it seems that it also only affects specific files like ntoskrnl.exe), prepared a patch for the team working on this code / topic for a review and is now waiting for approval of these changes.

I guess it should be only a matter of time once the patch will arrive in the feeds.

bellum · September 20, 2023, 3:49pm

According to my tests 30 isn’t enaugh for Windows Server 2022 …
It seems to me that max_recurs doesn’t need to be an exact value and can be calculated a bit higher than currently needed.

I tested with 50 and saw that the loop stops before that threshold when the .rsrc triggered or the end of the PE header has been reached.

So adding a higher value for future versions should be considiered …

Are there a release notes or a git repo available for the community feed(s)?

cfi · September 20, 2023, 3:54pm

Oh, interesting about 30 vs. 32. I have forwarded this accordingly for consideration, thanks again.

I’m not aware of any release note or public git repository for any feed.

bellum · September 22, 2023, 11:45am

Today, I saw that in NVT version 20230922T0558 a modified version of secpod_smb_func.inc has been included which now uses max_recurs = 100;

With this version the detection of missing Windows 10 Security Patches now works as expected.