NVT: Cups < 1.3.8 vulnerability: 1.3.6.1.4.1.25623.1.0.90017 reports a false positive on a Gentoo system. Installed version is:
# emerge cups -pv
These are the packages that would be merged, in order:
Calculating dependencies... done!
[ebuild R ] net-print/cups-2.3.3-r1::gentoo USE="acl pam ssl threads -X -dbus -debug -kerberos -lprng-compat (-selinux) -static-libs -systemd -usb -xinetd -zeroconf" ABI_X86="(64) -32 (-x32)" 7.950 KiBHi there,
thanks for bringing this to our attention.
The VT seems to lack a proper version check and already reports if any version has been found, regardless if it’s affected or not. We will take care of that.
Cheers
@tgurr The false positive has been corrected and the reworked VT should make it into the feed with the next update.
Cheers
One additional note:
This aged VT (plus two additional ones) had done some package manager based checks for various Distros (SUSE, Fedora, Gentoo and Ubuntu) for which newer and more reliable distro-specific Local Security Checks (LSC) already existed.
Instead of fixing these aged VTs they got migrated to plain version checks for the products with a lower Quality of Detection (QoD).