GSA detects manticoresearch services (manticoresearch com) 9306-9307/tcp like MySQL servers.
It follows to many false alerts about vulnurable versions.
Looks like GSA greps manticoresearch tcp answer (“5.0.0 … mysql_native_password:”) and decides that it’s MySQL server with the version 5.0.0.
I don’t know why, because native Nmap (7.93, “-sS -sV -p 9307 --version-all”) doesn’t detect it like MySQL server.
Technically speaking the detection itself looks correct. Manticore started as fork of the Spinx 2.x search service and Sphinx offers the following functionality:
Sphinx searchd daemon supports MySQL binary network protocol and can be accessed with regular MySQL API
The same applies with a high chance to Manticore as well and tus the service in question is currently correctly detected as a MySQL service.
From a vulnerability test perspective the service indeed could be detected as a Manticore service so that MySQL tests working on a version of MySQL are not running against / reporting for an unaffected different product.
This could be handled for Manticore in a similar way then sw_sphinxsearch_detect.nasl / mysql_version.nasl for Sphinx.
I will create an internal task for this improvement but (unfortunately) don’t see that this will be done anytime soon so the following would be required: