Scan has Report Outdated finding on newly provisioned Greenbone Community Containers

Hiya,

I have a setup where I use cloud-init to run the setup instructions from Greenbone Community Containers 22.4 - Greenbone Community Documentation, so that I can provision a new scanning instance which comes up with the latest docker images and is ready to scan.

Here’s the relevant section of the cloud-init:

runcmd:
# Get the Greenbone CE docker-compose file and scripts
- curl -f -L https://raw.githubusercontent.com/greenbone/docs/v23.6.1/src/_static/docker-compose-22.4.yml -o /home/greenbone/docker-compose.yml
- mkdir -p /home/greenbone/scripts /home/greenbone/reports
- mv /var/lib/cloud/duffel-data/* /home/greenbone/scripts
- chown -R greenbone:greenbone /home/greenbone/scripts
- chown -R greenbone:greenbone /home/greenbone/reports
- chmod -R 775 /home/greenbone/reports # Allow writing of reports from the mounted docker volume
# Pull the Greenbone images and start Greenbone
- runuser -u greenbone -- docker-compose -f /home/greenbone/docker-compose.yml -p greenbone-community-edition pull
- runuser -u greenbone -- docker-compose -f /home/greenbone/docker-compose.yml -p greenbone-community-edition up -d

I provisioned some new instances and ran some successful scans with this setup yesterday.

A newly provisioned instance today (using the same cloud-init script) has started reporting:

NVT: Report outdated / end-of-life Scan Engine / Environment (local)
Version of installed component: 22.4.1 (Installed component: openvas-libraries on OpenVAS <= 9, openvas-scanner on Greenbone Community Edition >= 10)
Latest available openvas-scanner version: 22.7.2
Reference URL(s) for the latest available version: Greenbone Community Edition 22.4 (stable, initial release 2022-07-25)

I’ve deleted and recreated the instance a few times, to ensure it is freshly provisioned. I’ve also run through Updating the Greenbone Community Containers and Performing a Feed Synchronization, neither of which had any effect.

Here are the images I have:

REPOSITORY                      TAG       IMAGE ID       CREATED        SIZE
greenbone/notus-data            latest    eaa275e9f27c   10 hours ago   322MB
greenbone/vulnerability-tests   latest    2de34abe277d   12 hours ago   868MB
greenbone/scap-data             latest    c55ef5616cff   13 hours ago   1.6GB
greenbone/data-objects          latest    0f5311977866   13 hours ago   16.4MB
greenbone/report-formats        latest    e4daf0ca7687   13 hours ago   4.91MB
greenbone/dfn-cert-data         latest    6751e2b3a66e   14 hours ago   42.5MB
greenbone/cert-bund-data        latest    81d16a58f786   14 hours ago   71.7MB
greenbone/gvm-tools             latest    4c89aa885cea   30 hours ago   191MB
greenbone/gpg-data              latest    472c7950a73d   2 days ago     4.27MB
greenbone/redis-server          latest    b96ecb2c88b1   2 days ago     107MB
greenbone/mqtt-broker           latest    0abe39497634   2 days ago     104MB
greenbone/gsa                   stable    2d454742460a   4 days ago     155MB
greenbone/gvmd                  stable    d49a640a8fdf   8 days ago     587MB
greenbone/pg-gvm                stable    1056fc518b45   2 weeks ago    476MB
greenbone/ospd-openvas          stable    604bb308c5d7   8 weeks ago    561MB
greenbone/notus-scanner         stable    59ec67ddc438   3 months ago   313MB

Is this a mismatch between the vulnerability definition and the released image that’s available?

Thanks,
Miles

1 Like

I’m just curious to get some more information that may be required for one of the more experienced Greenbone admins to troubleshoot.

  • Is everything within the Greenbone Community Containers running as expected despite this alert?
  • Which log file was this reported in?

Hi all,

Created an account just to say i’m having the same issue.
Newly re-created docker compose container stack, same errors/warnings.

It’s weird, i’ve run these containers, auto updating every week for a few months, and have had no issues, but the last 2 weeks, i’ve had some issues. Requiring destroying volumes to get itt o work, and now this. Weird.

Warning in report is:

Version of installed component: 22.4.1 (Installed component: openvas-libraries on OpenVAS <= 9, openvas-scanner on Greenbone Community Edition >= 10)
Latest available openvas-scanner version: 22.7.2
Reference URL(s) for the latest available version: Greenbone Community Edition 22.4 (stable, initial release 2022-07-25)

Detection Method

Details: Report outdated / end-of-life Scan Engine / Environment (local) OID: 1.3.6.1.4.1.25623.1.0.108560
Version used: 2023-07-04T05:05:35Z

Solution

Solution Type:

Vendorfix

Update to the latest available stable release for your scan environment. Please check the references for more information. If you’re using packages provided by your Linux distribution please contact the maintainer of the used distribution / repository and request updated packages. If you want to accept the risk of a possible decreased scan coverage or missing detection of vulnerabilities on the target you can set a global override for this script as described in the linked GSM manual.

References

Other

https://www.greenbone.net/en/testnow/
https://forum.greenbone.net/t/greenbone-community-edition-22-4-stable-initial-release-2022-07-25/12638
https://forum.greenbone.net/t/greenbone-community-edition-21-04-end-of-life/13837
https://forum.greenbone.net/t/gvm-21-04-end-of-life-initial-release-2021-04-16/8942
https://forum.greenbone.net/t/gvm-20-08-end-of-life-initial-release-2020-08-12/6312
https://forum.greenbone.net/t/gvm-11-end-of-life-initial-release-2019-10-14/3674
https://forum.greenbone.net/t/gvm-10-end-of-life-initial-release-2019-04-05/208
https://forum.greenbone.net/t/gvm-9-end-of-life-initial-release-2017-03-07/211
https://docs.greenbone.net/GSM-Manual/gos-22.04/en/reports.html#creating-an-override

Hi,

would be nice if you can post the feed versions from the Administration → Feed Status page and paste the digest of the vulnerabilities-tests container image via docker image inspect greenbone/vulnerability-tests:latest --format "{{ index .RepoDigests 0 }}". Currently I can’t find an image with the 2de34abe277d digest.

I don’t have web UI access so I’m controlling greenbone via python-gvm.

Side note: The instance is in Google, and is accessible by IAP SSH. The reason I don’t have web UI access is that I can’t use IAP TCP Forwarding becuase I can’t get past the login page, I think due to this.

I hope this is what you’re looking for?

>>> from gvm.xml import pretty_print
>>> pretty_print(gmp.get_feeds())
<get_feeds_response status="200" status_text="OK">
  <feed>
    <type>NVT</type>
    <name>Greenbone Community Feed</name>
    <version>202307040551</version>
    <description>This script synchronizes an NVT collection with the 'Greenbone Community Feed'.
The 'Greenbone Community Feed' is provided by 'Greenbone AG'.
Online information about this feed: 'https://www.greenbone.net/en/feed-comparison/'.
</description>
  </feed>
  <feed>
    <type>SCAP</type>
    <name>Greenbone SCAP Data Feed</name>
    <version>202307040513</version>
    <description>Provided via feed-automation</description>
  </feed>
  <feed>
    <type>CERT</type>
    <name>Greenbone CERT Data Feed</name>
    <version>202307040407</version>
    <description>Provided via feed-automation</description>
  </feed>
  <feed>
    <type>GVMD_DATA</type>
    <name>Greenbone Data Objects Feed</name>
    <version>202307040505</version>
    <description>Provided via feed-automation</description>
  </feed>
</get_feeds_response>
$ docker image inspect greenbone/vulnerability-tests:latest --format "{{ index .RepoDigests 0 }}"
greenbone/vulnerability-tests@sha256:1c90b75704bfad19e3f71db12090c11809724fb319b6f41d728b5f3ba5de4470

Yes I believe so, the scan completes successfully otherwise, with no errors, and I can produce the PDF report which contains other findings.

This is a finding in the produced report, here’s the relevant <result> from the report.

<result id="74554f53-76d3-4b63-827b-923a09920426">
  <name>Report outdated / end-of-life Scan Engine / Environment (local)</name>
  <owner>
    <name>admin</name>
  </owner>
  <modification_time>2023-07-04T17:16:01Z</modification_time>
  <comment />
  <creation_time>2023-07-04T17:16:01Z</creation_time>
  <host>REDACTED<asset asset_id="6c409bef-ecff-4c59-8a03-b1b0e501c5fe" />
  <hostname>REDACTED</hostname></host>
  <port>general/tcp</port>
  <nvt oid="1.3.6.1.4.1.25623.1.0.108560">
    <type>nvt</type>
    <name>Report outdated / end-of-life Scan Engine / Environment (local)</name>
    <family>General</family>
    <cvss_base>10.0</cvss_base>
    <severities score="10.0">
      <severity type="cvss_base_v2">
        <origin />
        <date>2019-03-16T07:57:17Z</date>
        <score>10.0</score>
        <value>AV:N/AC:L/Au:N/C:C/I:C/A:C</value>
      </severity>
    </severities>
    <tags>cvss_base_vector=AV:N/AC:L/Au:N/C:C/I:C/A:C|summary=This script checks and reports an
      outdated or end-of-life scan
      engine for the following environments:

      - Greenbone Community Edition

      - Greenbone Enterprise TRIAL (formerly Greenbone Security Manager TRIAL / Greenbone Community
      Edition VM)

      used for this scan.

      NOTE: While this is not, in and of itself, a security vulnerability, a severity is reported to
      make you aware of a possible decreased scan coverage or missing detection of vulnerabilities
      on
      the target due to e.g.:

      - missing functionalities

      - missing bugfixes

      - incompatibilities within the feed|insight=|affected=|impact=|solution=Update to the latest
      available stable release for your scan
      environment. Please check the references for more information. If you're using packages
      provided
      by your Linux distribution please contact the maintainer of the used distribution / repository
      and
      request updated packages.

      If you want to accept the risk of a possible decreased scan coverage or missing detection of
      vulnerabilities on the target you can set a global override for this script as described in
      the
      linked GSM manual.|vuldetect=|solution_type=VendorFix</tags>
    <solution type="VendorFix">Update to the latest available stable release for your scan
      environment. Please check the references for more information. If you're using packages
      provided
      by your Linux distribution please contact the maintainer of the used distribution / repository
      and
      request updated packages.

      If you want to accept the risk of a possible decreased scan coverage or missing detection of
      vulnerabilities on the target you can set a global override for this script as described in
      the
      linked GSM manual.</solution>
    <refs>
      <ref type="url" id="https://www.greenbone.net/en/testnow/" />
      <ref type="url"
        id="https://forum.greenbone.net/t/greenbone-community-edition-22-4-stable-initial-release-2022-07-25/12638" />
      <ref type="url"
        id="https://forum.greenbone.net/t/greenbone-community-edition-21-04-end-of-life/13837" />
      <ref type="url"
        id="https://forum.greenbone.net/t/gvm-21-04-end-of-life-initial-release-2021-04-16/8942" />
      <ref type="url"
        id="https://forum.greenbone.net/t/gvm-20-08-end-of-life-initial-release-2020-08-12/6312" />
      <ref type="url"
        id="https://forum.greenbone.net/t/gvm-11-end-of-life-initial-release-2019-10-14/3674" />
      <ref type="url"
        id="https://forum.greenbone.net/t/gvm-10-end-of-life-initial-release-2019-04-05/208" />
      <ref type="url"
        id="https://forum.greenbone.net/t/gvm-9-end-of-life-initial-release-2017-03-07/211" />
      <ref type="url"
        id="https://docs.greenbone.net/GSM-Manual/gos-22.04/en/reports.html#creating-an-override" />
    </refs>
  </nvt>
  <scan_nvt_version>2023-07-04T05:05:35Z</scan_nvt_version>
  <threat>High</threat>
  <severity>10.0</severity>
  <qod>
    <value>97</value>
    <type />
  </qod>
  <description>
    Version of installed component: 22.4.1 (Installed component: openvas-libraries on
    OpenVAS &lt;= 9, openvas-scanner on Greenbone Community Edition &gt;= 10)
    Latest available openvas-scanner version: 22.7.2
    Reference URL(s) for the latest available version:
    https://forum.greenbone.net/t/greenbone-community-edition-22-4-stable-initial-release-2022-07-25/12638
</description>
  <original_threat>High</original_threat>
  <original_severity>10</original_severity>
</result>

Thanks. That’s the latest image for the vulnerability-tests. Sadly I am not able to reproduce the issue at the moment.

Hi everyone! Today we also encountered this issue.

greenbone/vulnerability-tests@sha256:1c90b75704bfad19e3f71db12090c11809724fb319b6f41d728b5f3ba5de4470

greenbone/ospd-openvas:2.5.1 with OpenVAS 22.4.1 inside

here is the feed status page: (Sorry for the formatting)

Also to note, i really only see the error when doing a compare with a previous scan.
The only reason i did this was because i noticed that the number of CVEs detected had increased, but when viewing the report on it’s own, it didn’t show. So comparing to another report, it did show them as new detentions. It was weird.

Containers are updated weekly, i even updated right before the scan.


Type
Content
Origin
Version
Status
NVT
NVTs
Greenbone Community Feed
20230704T0551
2 days old
SCAP
CVEs
CPEs
Greenbone SCAP Data Feed
20230704T0513
2 days old
CERT
CERT-Bund Advisories
DFN-CERT Advisories
Greenbone CERT Data Feed
20230704T0407
2 days old
GVMD_DATA
Compliance Policies
Port Lists
Report Formats
Scan Configs
Greenbone Data Objects Feed
20230704T0505
2 days old

Hi everyone!

Same issue here. Installed community containers following the description.

The message shows up for IP addresses that are not in use - so really not assigned to any device. I use the “Consider Alive” setting.

Scanning of existing IPs works fine - issues are reported.

Version of installed component:           22.4.1 (Installed component: openvas-libraries on OpenVAS <= 9, openvas-scanner on Greenbone Community Edition >= 10)
Latest available openvas-scanner version: 22.7.2
Reference URL(s) for the latest available version: https://forum.greenbone.net/t/greenbone-community-edition-22-4-stable-initial-release-2022-07-25/12638
1 Like

There a temporary fix way to modify the docker-compose.yml file to pull from a previous version or tag rather than the image: greenbone/<service-name>:stable for each service? This would allows building of the docker containers to revert to the previous version that is functional.

So for example, here is the docker hub tags page for the gvmd: Docker

You can set all the images in the docker-compose.yml files to tags that were before the bug started, such as:

gvmd:
    image: greenbone/gvmd:22.5.1

Which was pushed about 10 days ago.

or

gvmd:
    image: greenbone/gvmd:oldstable

Which was 7 months ago

Hi everyone, same issue here with a fresh new install of Greenbone Community Containers.

As zrcadlo7 noticed, I also think the problem is in the latest/stable container image of ospd-openvas (v22.5.1 May 8, 2023). This image has the old OpenVAS 22.4.1~dev1 inside it.

1 Like

Mine is like this too and I don’t know what to do:

Version of installed component: 22.4.1 (Installed component: openvas-libraries on OpenVAS <= 9, openvas-scanner on Greenbone Community Edition >= 10)

Latest available openvas-scanner version: 22.7.2
Reference URL(s) for the latest available version: Greenbone Community Edition 22.4 (stable, initial release 2022-07-25)

This issue should be fixed for the Greenbone Community Containers already. The ospd-openvas 22.5.3 release is used now and it’s image is coming with the newest openvas-scanner version.

1 Like

Is there a minimum version of gvmd that we should be using to match ospd-openvas 22.5.3?
I’m getting some ‘Erroneous scan progress value’ and ‘scan interrupted’ errors popping up when using gvmd 22.5.1

Hi bricks,

I updated the openvas-scanner image to 22.5.3 and the problem is solved now. Thank you for the fix!

I updated the openvas-scanner image with the following steps
(1) stopped the container
(2) deleted the container
(3) deleted/pruned the image

(4) recreated the image/container with:
To update image i modified the docker-compose-22.4.yml and removed everything expect the block for openvas-scanner. Then i started docker-compose -f ~/greenbone-community-container/docker-compose-22.4-openvas.yml -p greenbone-community-edition up -d

This worked but may not be the best way to do the update :slight_smile:

Please upgrade to gvmd 22.5.4 aka. stable now see https://hub.docker.com/r/greenbone/gvmd/tags

3 Likes

I did use docker pull greenbone/gvmd:22.5.4 on my command line but dont seem to work (maybe I’m doing it wrong) but its still 22.4.1

Still seeing alerts using “stable” clean install including gvmd 25.5.5. This looks like an SCM problem.

Detection Result

Version of installed component: 22.7.2 (Installed component: openvas-libraries on OpenVAS <= 9, openvas-scanner on Greenbone Community Edition >= 10)
Latest available openvas-scanner version: 22.7.3
Reference URL(s) for the latest available version: Greenbone Community Edition 22.4 (stable, initial release 2022-07-25)

Detection Method

Solution

Solution Type: Vendorfix

Update to the latest available stable release for your scan environment. Please check the references for more information. If you’re using packages provided by your Linux distribution please contact the maintainer of the used distribution / repository and request updated packages. If you want to accept the risk of a possible decreased scan coverage or missing detection of vulnerabilities on the target you can set a global override for this script as described in the linked GSM manual.

Looks like the source code installation instructions at Building 22.4 from Source - Greenbone Community Documentation (which is the newest document?) do not reference the correct stable/release version strings?