Message-ID: <email address hidden>
Date: Thu, 15 Dec 2005 22:17:13 +0100
From: Javier =?iso-8859-1?Q?Fern=E1ndez-Sanguino_Pe=F1a?= <email address hidden>
To: Marc Haber <email address hidden>, <email address hidden>
Subject: Re: Bug#343487: nessusd: cannot connect to 2.2.5-3 server
On Thu, Dec 15, 2005 at 07:18:04PM +0100, Marc Haber wrote:
> [2/83]mh@scyw00225[chroot sid]:~$ md5sum nessusd_2.2.5-3_i386.deb
> 5540b1f4dfd81c4ba3c71ac4e2dbecfa nessusd_2.2.5-3_i386.deb
> [3/84]mh@scyw00225[chroot sid]:~$
That is correct, however, with that one, as I said:
And that one *works* with my Nessus client (2.2.5-2), I just tried. Are you
sure you are using the same Nessus daemon provided by the package, have you
restarted it?
Could you show me the output of 'dpkg -l "*libssl*"'
In my system it shows:
ii libssl-dev 0.9.8a-4 SSL development libraries, header files a=
nd
ii libssl0.9.6 0.9.6m-1 SSL shared libraries (old version)
ii libssl0.9.7 0.9.7g-5 SSL shared libraries
ii libssl0.9.8 0.9.8a-4 SSL shared libraries
Maybe it is *not* failing in my system because libssl0.9.7 is installed even
though there is not a declared dependency for it in the Nessusd package (it
says libssl0.9.8 (>=3D 0.9.8a-1), it *is* there for the nessus-plugins pack=
age
though so if you do the typical installation (nessusd, nessus and
nessus-plugins) it works.
In any case, if you *don't* have libssl0.9.7 the Nessusd (2.2.5-3) would
complain:
$ sudo /etc/init.d/nessusd start Starting Nessus daemon: /usr/sbin/nessusd:
error while loading shared libraries: libssl.so.0.9.7: cannot open shared
object file: No such file or directory
ERROR.
Can you please send me a full list of the nessus packages installed and the
output of ldd for those?
> The issue is, however, with the daemon. 2.2.5-2 works with all clients
> I tried, and 2.2.5-3 fails with all clients I tried.
Not for me, just tested and works fine with nessusd 2.2.5-3 and nessus
2.2.5-2. There are two problems here:
If you want me to get access to the chroot to diagnose, feel free to send me
access through private e-mail. In any case I'm going to recompile it so that
it *only* links against the latest openssl version (might require relinking
of all nessus packages though)
Regards
Javier
--Q68bSM7Ycu6FN28Q
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
Message-ID: <email address hidden> 1?Q?Fern= E1ndez- Sanguino_ Pe=F1a? = <email address hidden>
Date: Thu, 15 Dec 2005 22:17:13 +0100
From: Javier =?iso-8859-
To: Marc Haber <email address hidden>, <email address hidden>
Subject: Re: Bug#343487: nessusd: cannot connect to 2.2.5-3 server
--Q68bSM7Ycu6FN28Q Disposition: inline Transfer- Encoding: quoted-printable
Content-Type: text/plain; charset=us-ascii
Content-
Content-
On Thu, Dec 15, 2005 at 07:18:04PM +0100, Marc Haber wrote: scyw00225[ chroot sid]:~$ md5sum nessusd_ 2.2.5-3_ i386.deb ba3c71ac4e2dbec fa nessusd_ 2.2.5-3_ i386.deb scyw00225[ chroot sid]:~$
> [2/83]mh@
> 5540b1f4dfd81c4
> [3/84]mh@
That is correct, however, with that one, as I said:
$ ldd /usr/sbin/nessusd |grep ssl =20 i686/cmov/ libssl. so.0.9. 8 (0x40115000)
libssl. so.0.9. 7 =3D> /usr/lib/ i686/cmov/ libssl. so.0.9. 7 (0x403b4000)
libssl.so.0.9.8 =3D> /usr/lib/
And that one *works* with my Nessus client (2.2.5-2), I just tried. Are you
sure you are using the same Nessus daemon provided by the package, have you
restarted it?
Could you show me the output of 'dpkg -l "*libssl*"'
In my system it shows:
ii libssl-dev 0.9.8a-4 SSL development libraries, header files a=
nd
ii libssl0.9.6 0.9.6m-1 SSL shared libraries (old version)
ii libssl0.9.7 0.9.7g-5 SSL shared libraries
ii libssl0.9.8 0.9.8a-4 SSL shared libraries
Maybe it is *not* failing in my system because libssl0.9.7 is installed even
though there is not a declared dependency for it in the Nessusd package (it
says libssl0.9.8 (>=3D 0.9.8a-1), it *is* there for the nessus-plugins pack=
age
though so if you do the typical installation (nessusd, nessus and
nessus-plugins) it works.
In any case, if you *don't* have libssl0.9.7 the Nessusd (2.2.5-3) would
complain:
$ sudo /etc/init.d/nessusd start Starting Nessus daemon: /usr/sbin/nessusd:
error while loading shared libraries: libssl.so.0.9.7: cannot open shared
object file: No such file or directory
ERROR.
Can you please send me a full list of the nessus packages installed and the
output of ldd for those?
> The issue is, however, with the daemon. 2.2.5-2 works with all clients
> I tried, and 2.2.5-3 fails with all clients I tried.
Not for me, just tested and works fine with nessusd 2.2.5-3 and nessus
2.2.5-2. There are two problems here:
- binary linked against both libssl versions (see=20 lists.debian. org/debian- release/ 2005/10/ msg00125. html)
http://
- Undeclared dependencies, but that is another (different) issue.
If you want me to get access to the chroot to diagnose, feel free to send me
access through private e-mail. In any case I'm going to recompile it so that
it *only* links against the latest openssl version (might require relinking
of all nessus packages though)
Regards
Javier
--Q68bSM7Ycu6FN28Q pgp-signature; name="signature .asc" Description: Digital signature Disposition: inline
Content-Type: application/
Content-
Content-
-----BEGIN PGP SIGNATURE-----
dgtyBSwkRAmC2AJ 97c9PwsieuWRfve 6PaBD8se14iTACf VQq+ gcwS/vK0=
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDod1Zsan
xJcyTNwHTIe8loc
=uuAv
-----END PGP SIGNATURE-----
--Q68bSM7Ycu6FN 28Q--