English | Deutsch
Home »

OpenVAS Change Request #4: Remove plugin upload feature

Status: Voted +4. Done. Feature is no longer present in OpenVAS 2.0.

Purpose

To reduce code base.

To avoid the risk of security problems.

References

none.

Rationale

This feature was introduced in Nessus version 1.1.11 according to openvas-server/CHANGES.

Uploaded script are a potential source of security problems. They are executed regardless of the the signature policy and for example can include and execute .inc files even if they have a invalid signature.

Apart from this, the feature seems not really required in practice. This assumption is supported by the fact that OpenVAS-Client (and thus Nessus-Client) did not implement a feature to upload plugins.

Effects

Design and Implementation

History