Ubuntu
nessus-core package

Bug #27698
Comment #17

Comment 17 for bug 27698

Revision history for this message

Debian Bug Importer (debzilla) wrote on 2005-12-28:

#17

Message-ID: <email address hidden>
Date: Thu, 15 Dec 2005 22:17:13 +0100
From: Javier =?iso-8859-1?Q?Fern=E1ndez-Sanguino_Pe=F1a?= <email address hidden>
To: Marc Haber <email address hidden>, <email address hidden>
Subject: Re: Bug#343487: nessusd: cannot connect to 2.2.5-3 server

--Q68bSM7Ycu6FN28Q
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Dec 15, 2005 at 07:18:04PM +0100, Marc Haber wrote:
> [2/83]mh@scyw00225[chroot sid]:~$ md5sum nessusd_2.2.5-3_i386.deb
> 5540b1f4dfd81c4ba3c71ac4e2dbecfa nessusd_2.2.5-3_i386.deb
> [3/84]mh@scyw00225[chroot sid]:~$

That is correct, however, with that one, as I said:

$ ldd /usr/sbin/nessusd |grep ssl =20
libssl.so.0.9.8 =3D> /usr/lib/i686/cmov/libssl.so.0.9.8 (0x40115000)
libssl.so.0.9.7 =3D> /usr/lib/i686/cmov/libssl.so.0.9.7 (0x403b4000)

And that one *works* with my Nessus client (2.2.5-2), I just tried. Are you
sure you are using the same Nessus daemon provided by the package, have you
restarted it?

Could you show me the output of 'dpkg -l "*libssl*"'

In my system it shows:

ii libssl-dev 0.9.8a-4 SSL development libraries, header files a=
nd
ii libssl0.9.6 0.9.6m-1 SSL shared libraries (old version)
ii libssl0.9.7 0.9.7g-5 SSL shared libraries
ii libssl0.9.8 0.9.8a-4 SSL shared libraries

Maybe it is *not* failing in my system because libssl0.9.7 is installed even
though there is not a declared dependency for it in the Nessusd package (it
says libssl0.9.8 (>=3D 0.9.8a-1), it *is* there for the nessus-plugins pack=
age
though so if you do the typical installation (nessusd, nessus and
nessus-plugins) it works.

In any case, if you *don't* have libssl0.9.7 the Nessusd (2.2.5-3) would
complain:

$ sudo /etc/init.d/nessusd start Starting Nessus daemon: /usr/sbin/nessusd:
error while loading shared libraries: libssl.so.0.9.7: cannot open shared
object file: No such file or directory

ERROR.

Can you please send me a full list of the nessus packages installed and the
output of ldd for those?

> The issue is, however, with the daemon. 2.2.5-2 works with all clients
> I tried, and 2.2.5-3 fails with all clients I tried.

Not for me, just tested and works fine with nessusd 2.2.5-3 and nessus
2.2.5-2. There are two problems here:

- binary linked against both libssl versions (see=20
http://lists.debian.org/debian-release/2005/10/msg00125.html)
- Undeclared dependencies, but that is another (different) issue.

If you want me to get access to the chroot to diagnose, feel free to send me
access through private e-mail. In any case I'm going to recompile it so that
it *only* links against the latest openssl version (might require relinking
of all nessus packages though)

Regards

Javier

--Q68bSM7Ycu6FN28Q
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDod1ZsandgtyBSwkRAmC2AJ97c9PwsieuWRfve6PaBD8se14iTACfVQq+
xJcyTNwHTIe8locgcwS/vK0=
=uuAv
-----END PGP SIGNATURE-----

--Q68bSM7Ycu6FN28Q--

Message-ID: <20051215211713.GA26652@javifsp.no-ip.org>
Date: Thu, 15 Dec 2005 22:17:13 +0100
From: Javier =?iso-8859-1?Q?Fern=E1ndez-Sanguino_Pe=F1a?= <jfs@computer.org>
To: Marc Haber <mh+debian-bugs@zugschlus.de>, 343487@bugs.debian.org
Subject: Re: Bug#343487: nessusd: cannot connect to 2.2.5-3 server

--Q68bSM7Ycu6FN28Q
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Dec 15, 2005 at 07:18:04PM +0100, Marc Haber wrote:
> [2/83]mh@scyw00225[chroot sid]:~$ md5sum nessusd_2.2.5-3_i386.deb
> 5540b1f4dfd81c4ba3c71ac4e2dbecfa  nessusd_2.2.5-3_i386.deb
> [3/84]mh@scyw00225[chroot sid]:~$

That is correct, however, with that one, as I said:

$ ldd /usr/sbin/nessusd  |grep ssl       =20
	libssl.so.0.9.8 =3D> /usr/lib/i686/cmov/libssl.so.0.9.8 (0x40115000)
        libssl.so.0.9.7 =3D> /usr/lib/i686/cmov/libssl.so.0.9.7 (0x403b4000)

And that one *works* with my Nessus client (2.2.5-2), I just tried. Are you
sure you are using the same Nessus daemon provided by the package, have you
restarted it?

Could you show me the output of 'dpkg -l "*libssl*"'

In my system it shows:

ii  libssl-dev     0.9.8a-4       SSL development libraries, header files a=
nd
ii  libssl0.9.6    0.9.6m-1       SSL shared libraries (old version)
ii  libssl0.9.7    0.9.7g-5       SSL shared libraries
ii  libssl0.9.8    0.9.8a-4       SSL shared libraries

In any case, if you *don't* have libssl0.9.7 the Nessusd (2.2.5-3) would
complain:

$ sudo /etc/init.d/nessusd start Starting Nessus daemon: /usr/sbin/nessusd:
error while loading shared libraries: libssl.so.0.9.7: cannot open shared
object file: No such file or directory

ERROR.

Can you please send me a full list of the nessus packages installed and the
output of ldd for those?

> The issue is, however, with the daemon. 2.2.5-2 works with all clients
> I tried, and 2.2.5-3 fails with all clients I tried.

Not for me, just tested and works fine with nessusd 2.2.5-3 and nessus
2.2.5-2. There are two problems here:

- binary linked against both libssl versions (see=20
  http://lists.debian.org/debian-release/2005/10/msg00125.html)
- Undeclared dependencies, but that is another (different) issue.

Regards

Javier

--Q68bSM7Ycu6FN28Q
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDod1ZsandgtyBSwkRAmC2AJ97c9PwsieuWRfve6PaBD8se14iTACfVQq+
xJcyTNwHTIe8locgcwS/vK0=
=uuAv
-----END PGP SIGNATURE-----

--Q68bSM7Ycu6FN28Q--

Ubuntunessus-core package

Comment 17 for bug 27698

Ubuntu
nessus-core package