Scan Interrupted at 98%

Building from Source and Advanced Topics
1

I have a remote Openvas Scanner that keeps interrupting at 98% every time. This scan was on a /24 with several devices (in this scan 3 active). Based on past posts related to the issue, most of them pointed to Redis as the problem and used those as a starting point. However, in previous versions using the same redis settings, we never had an issue. Memory isn’t the issue either, as the scanner is configured with 4 vCPU, 16GB of RAM, and 60 GB of storage. NVT is also fully synced to the latest at the time of posting.

==> /var/log/gvm/ospd-openvas.log <==
OSPD[33] 2022-09-15 20:03:42,469: INFO: (ospd_openvas.daemon) Loading VTs. Scans will be [requested|queued] until VTs are loaded. This may take a few minutes, p lease wait...

==> /var/log/gvm/openvas.log <==
libgvm util:MESSAGE:2022-09-15 20h07.08 utc:58: Updated NVT cache from version 0 to 202209151012

==> /var/log/gvm/ospd-openvas.log <==
OSPD[33] 2022-09-15 20:07:08,883: INFO: (ospd_openvas.daemon) Finished loading VTs. The VT cache has been updated from version 0 to 202209151012.

I’m not sure if there is an underlying issue, but each time the logs show a Buffer Overflow followed by the scan is completed. Listed below is the log along with what is in the docker image:

  • Ubuntu 22.04 LTS (AMD 64)
  • Contains the following packages, all using the very latest Github MAIN branch (22.04 dev): GVM-libs, Openvas-scanner, Openvas-smb, OSPD-Openvas, Notus-Scanner, latest redis, latest mosqitto

Link to development docker: NetizenCorp/OpenVAS-Docker at dev (github.com)

==> /var/log/gvm/ssh-connection.log <==
2022/09/15 20:26:14 autossh[56]: received SIGALRM (end-of-life 0)
2022/09/15 20:26:14 autossh[56]: check on child 59
2022/09/15 20:26:14 autossh[56]: clear alarm timer (0 secs left)
2022/09/15 20:26:14 autossh[56]: set alarm for 600 secs
*** buffer overflow detected ***: terminated

==> /var/log/gvm/openvas.log <==
sd   main:MESSAGE:2022-09-15 20h29.18 utc:61779: Running LSC via Notus for 192.168.10.1
1663273759: Client 517c75da-0934-4592-8178-c06cb5dbcb2d closed its connection.
sd   main:MESSAGE:2022-09-15 20h29.19 utc:61745: Vulnerability scan cf188d6f-1249-4ea3-9e1c-2e03ab2f1610 finished in 1902 seconds: 3 alive hosts of 254

==> /var/log/gvm/ospd-openvas.log <==
OSPD[33] 2022-09-15 20:29:20,640: INFO: (ospd.ospd) cf188d6f-1249-4ea3-9e1c-2e03ab2f1610: Host scan finished.
OSPD[33] 2022-09-15 20:29:20,641: INFO: (ospd.ospd) cf188d6f-1249-4ea3-9e1c-2e03ab2f1610: Host scan got interrupted. Progress: 98, Status: RUNNING
OSPD[33] 2022-09-15 20:29:20,641: INFO: (ospd.ospd) cf188d6f-1249-4ea3-9e1c-2e03ab2f1610: Scan interrupted.
OSPD[33] 2022-09-15 20:29:23,656: INFO: (ospd.ospd) cf188d6f-1249-4ea3-9e1c-2e03ab2f1610: Scan process is dead and its progress is 98
OSPD[33] 2022-09-15 20:29:23,657: INFO: (ospd.ospd) cf188d6f-1249-4ea3-9e1c-2e03ab2f1610: Scan interrupted.
OSPD[33] 2022-09-15 20:29:23,832: INFO: (ospd.ospd) cf188d6f-1249-4ea3-9e1c-2e03ab2f1610: Scan process is dead and its progress is 98
OSPD[33] 2022-09-15 20:29:23,833: INFO: (ospd.ospd) cf188d6f-1249-4ea3-9e1c-2e03ab2f1610: Scan interrupted.
OSPD[33] 2022-09-15 20:29:24,229: INFO: (ospd.ospd) cf188d6f-1249-4ea3-9e1c-2e03ab2f1610: Scan process is dead and its progress is 98
OSPD[33] 2022-09-15 20:29:24,229: INFO: (ospd.ospd) cf188d6f-1249-4ea3-9e1c-2e03ab2f1610: Scan interrupted.
OSPD[33] 2022-09-15 20:29:24,353: INFO: (ospd.ospd) cf188d6f-1249-4ea3-9e1c-2e03ab2f1610: Scan process is dead and its progress is 98
OSPD[33] 2022-09-15 20:29:24,355: INFO: (ospd.ospd) cf188d6f-1249-4ea3-9e1c-2e03ab2f1610: Scan interrupted.

Redis Server Config: redis-server --unixsocket /run/redis/redis.sock --unixsocketperm 700 --timeout 0 --databases 65536 --maxclients 4096 --daemonize yes --port 6379 --bind 0.0.0.0
Redis permissions are root:root, but again, no issues regarding this in the past.

Note: This reports to a master system with GVM and all the remaining software on it. The previous software version, 21.4.4, had no issues regarding constant interrupts.

3 Likes
2

Just started up the docker version of OpenVAS 22.04 (followed Greenbone Community Containers 22.4 - Greenbone Community Documentation instruction) and got the same “buffer overflow detected” error and scan stops at 98% when doing a “Full and fast” scan on 1 target

Just cant figure out what todo to solve this :frowning:

1 Like
3

I wonder if it has to do with notus, because once openvas finishes and it’s ready to pass it on to notus, it fails. Not sure if @bricks can explain the scanning process of a task?

4

I’m experiencing the same issue. My setup was installed using Greenbone Community Containers 22.4 - Greenbone Community Documentation

OSPD[1] 2022-09-22 03:41:27,430: INFO: (ospd_openvas.daemon) Finished loading VTs. The VT cache has been updated from version 0 to 202209191012.
OSPD[1] 2022-09-22 03:42:44,537: INFO: (ospd.ospd) Currently 1 queued scans.
OSPD[1] 2022-09-22 03:42:44,710: INFO: (ospd.ospd) Starting scan 915b9d17-038d-4219-8f13-822bb2538313.
Oops, ksba_cert_get_image failed: imagelen=51  hdr=4 len=735 off=0
Oops, ksba_cert_get_image failed: imagelen=51  hdr=4 len=735 off=0
Oops, ksba_cert_get_image failed: imagelen=51  hdr=4 len=735 off=0
Oops, ksba_cert_get_image failed: imagelen=51  hdr=4 len=735 off=0
Oops, ksba_cert_get_image failed: imagelen=51  hdr=4 len=735 off=0
Oops, ksba_cert_get_image failed: imagelen=51  hdr=4 len=735 off=0
Oops, ksba_cert_get_image failed: imagelen=51  hdr=4 len=735 off=0
Oops, ksba_cert_get_image failed: imagelen=51  hdr=4 len=735 off=0
*** buffer overflow detected ***: terminated
OSPD[1] 2022-09-22 03:52:42,141: INFO: (ospd.ospd) 915b9d17-038d-4219-8f13-822bb2538313: Host scan finished.
OSPD[1] 2022-09-22 03:52:42,143: INFO: (ospd.ospd) 915b9d17-038d-4219-8f13-822bb2538313: Host scan got interrupted. Progress: 98, Status: RUNNING
OSPD[1] 2022-09-22 03:52:42,144: INFO: (ospd.ospd) 915b9d17-038d-4219-8f13-822bb2538313: Scan interrupted.
OSPD[1] 2022-09-22 03:52:46,221: INFO: (ospd.ospd) 915b9d17-038d-4219-8f13-822bb2538313: Scan process is dead and its progress is 98
OSPD[1] 2022-09-22 03:52:46,222: INFO: (ospd.ospd) 915b9d17-038d-4219-8f13-822bb2538313: Scan interrupted.
OSPD[1] 2022-09-22 03:52:46,225: INFO: (ospd.ospd) 915b9d17-038d-4219-8f13-822bb2538313: Scan process is dead and its progress is 98
OSPD[1] 2022-09-22 03:52:46,226: INFO: (ospd.ospd) 915b9d17-038d-4219-8f13-822bb2538313: Scan interrupted.
OSPD[1] 2022-09-22 03:52:46,320: INFO: (ospd.ospd) 915b9d17-038d-4219-8f13-822bb2538313: Scan process is dead and its progress is 98
OSPD[1] 2022-09-22 03:52:46,321: INFO: (ospd.ospd) 915b9d17-038d-4219-8f13-822bb2538313: Scan interrupted.
OSPD[1] 2022-09-22 03:52:46,336: INFO: (ospd.ospd) 915b9d17-038d-4219-8f13-822bb2538313: Scan process is dead and its progress is 98
OSPD[1] 2022-09-22 03:52:46,336: INFO: (ospd.ospd) 915b9d17-038d-4219-8f13-822bb2538313: Scan interrupted.
5

The same issue here. We have tested on standard Ubuntu 20.04 and Ubuntu 22.04 with Ubuntu default Docker Repo. We have the ospd down to version 22.4.1 and it looks like it is working.

ospd-openvas:
image: greenbone/ospd-openvas:22.4.1

1 Like
6

I will check that out and see if that fixes it on my end. I build my own docker containers but it’s based on the install instructions. But thank you for the heads up

7

Just tried the 22.4.1 version of OSPD, and it still interrupts at 98%. Not sure what the issue is but it’s extremely hard to pinpoint.

8

I’ve also been running into this issue. Here is what I’ve discovered. Up until mid-August (last time I was scanning) I used the community container instructions for 22.4 with Ubuntu 22.04 LTS and everything worked perfectly.

Now I get the following error from redis-server_1 when I start the service and display the logs “Failed opening the RDB file dump.rdb (in server root dir /) for saving: Permission denied”

Screen Shot 2022-09-22 at 4.57.40 PM
Screen Shot 2022-09-22 at 4.57.40 PM977×285 129 KB

Then later my scans stop at 98% and return the buffer overflow error. This makes sense, as the instructions currently stand the scans run, which I can see by the various results that pop up mid-run, but the results cannot be saved (redis issue).

@bricks Maybe you could shed some insight here? The instructions were working perfectly before, so why would there be a permission issue with the redis-server making it impossible for the scans to successfully save the results?

EDIT: I’ve also noticed that before I was seeing pings going back and forth (I believe from redis-server). I no longer see outgoing or incoming pings in my logs.

9

Hello everyone,
Not sure, but this patch could fix the issue.
It was recently merged in the stable branch.

Please let me know if this solved the problem.
Best regards,

10

I just tested again on a new VM with a fresh install and got the same issue, again I am seeing the VTs return results in the web portal while the scan is running, but it fails to save the results and gives a buffer overflow, then interrupting at 98%.

11

I’ve edited my docker-compose file using the image you suggested and it completes successfully now. \o/

12

Same here was breaking at 98/99% - now “Complete”

ospd-openvas:
# image: greenbone/ospd-openvas:stable
image: greenbone/ospd-openvas:22.4.1

Guess “stable” isn’t so great ATM!

@bricks - looks like a bug?

My reports had these errors in pre going to 22.4.1

image

13

Currently stable just means it’s build from the stable branch. Nothing else. The stable branches get fixes for issues found in our products including the community edition. This time it seems a regression has been introduced. In general issues in the scanner are very difficult to debug. So please be patient until this specific issue gets fixed and use the 22.4.1 tag of the ospd-openvas image instead.

3 Likes
14

Just a small update. I was able to reproduce the issue with the community container. In my dev environment, installed from sources, I still can’t reproduce it.
Also, it happens with a F&F scan config, but not with smaller scan configs (ssh authorization check). Not related with Notus, since a small scan config running only LSC finishes as expected.

2 Likes
15

Hello everyone,

I was able to fix this issue by un-checking the box labeled “save to assets” in the scan config. Hopefully this helps someone!

1 Like
16

For me it helped as well to unset “Save to Assets”. Bad for anyone who needs to save the scan to assets.

Downgrading ospd-openvas to 22.4.1 as supposed by @merlian did not work for me.