
eEye Digital Security


 

Audit ID: 11957 (Sun Solaris Trusted Extensions Local Privilege Escalation - Solaris 10 SPARC)

Last post 02-08-2010 3:06 PM by cpote. 1 replies.
  • 02-04-2010 10:50 AM

    • matinau
    • Top 500 Contributor
    • Joined on 02-04-2010
    • Ft. Sam Houston, TX
    • Posts 3

    Audit ID: 11957 (Sun Solaris Trusted Extensions Local Privilege Escalation - Solaris 10 SPARC)

    We believe this to be a false-positive.

    The Retina report states to Apply patch 143502-01 or newer - which we promptly accomplished (and have rebooted).

    # showrev -p |grep 143502
    Patch: 143502-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWgnome-base-libs

    Retina is still showing this as a Cat I Finding.

    The details in the report are odd here. Is this saying that it tested for packages/patches with the textual name "SUNWGNOME-BASE-LIBS" and only found the patch 125095-15 with that name? Is Retina not explicitly looking for the patch 143502-01 that it wants installed?!?

    Tested Value:      +(SUNWGNOME-BASE-LIBS)
    Found Value:     PATCH: 125095-15 OBSOLETES: REQUIRES: INCOMPATIBLES: PACKAGES: SUNWOCFD, SUNWCSU, SUNWCSR, SUNWCNETR, SUNWCAR, SUNWCAKR, SUNWKVM, SUNWCKR, SUNWCSD, SUNWTER, SUNWPL5U, SUNWTFTP, SUNWPERL584CORE, SUNWPERL584USR, SUNWESU, SUNWXWDV, SUNWCSLR, SUNWKRBR, S

    If I do a search for all related GNOME patches, I get

    # showrev -p|grep -i SUNWGNOME-BASE-LIBS
    Patch: 120460-16 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWgnome-base-libs-root, SUNWgnome-base-libs-share, SUNWgnome-base-libs, SUNWgnome-base-libs-devel-share, SUNWgnome-base-libs-devel
    Patch: 122700-02 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWgnome-base-libs-root
    Patch: 143502-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWgnome-base-libs

    Matt M. Morris
    Unix Administrator
    US Army, Ft. Sam Houston TX
  • 02-08-2010 3:06 PM In reply to

    • cpote
    • Top 500 Contributor
    • Joined on 02-01-2010
    • Posts 2

    Re: Audit ID: 11957 (Sun Solaris Trusted Extensions Local Privilege Escalation - Solaris 10 SPARC)

    I believe you are correct! Somebody fat-fingered the entry in the audits.xml file.

    Search for the ID number of the check, in quotes (i.e. “11957”), in the “audits.xml” file located in Retina’s “database” subdirectory.  Check out the “data” tag.  You can edit it to add the missing close-parenthesis (i.e. change “(143502-([1-9][0-9]|0[1-9])” to “(143502-([1-9][0-9]|0[1-9]))”).  Then rescan.

    I hope that helps (it worked for me).
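
The pattern fix discussed in this thread, as an added example that is not part of either post and is not Retina code: a Python check that the shipped "data" pattern is unbalanced while the corrected one accepts patch 143502-01 from the showrev -p output in the first post. It assumes Python's re syntax is close enough to the scanner's regex engine for this pattern; all function names are hypothetical.

```python
import re

# Patterns quoted in the reply: the shipped "data" value and the corrected one.
SHIPPED = "(143502-([1-9][0-9]|0[1-9])"
FIXED = "(143502-([1-9][0-9]|0[1-9]))"

# showrev -p lines copied from the first post in this thread.
SHOWREV = """\
Patch: 120460-16 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWgnome-base-libs-root, SUNWgnome-base-libs-share, SUNWgnome-base-libs, SUNWgnome-base-libs-devel-share, SUNWgnome-base-libs-devel
Patch: 122700-02 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWgnome-base-libs-root
Patch: 143502-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWgnome-base-libs
"""

def compile_check(pattern):
    """Return (compiled_regex, None) or (None, error_text) for an audit pattern."""
    try:
        return re.compile(pattern), None
    except re.error as exc:
        return None, str(exc)

def installed_patches(showrev_text):
    """Extract 'NNNNNN-RR' patch ids from showrev -p output."""
    return re.findall(r"^Patch:\s+(\d{6}-\d{2})\b", showrev_text, re.MULTILINE)

def patches_satisfying(pattern, showrev_text):
    """List installed patch ids that the pattern matches in full."""
    regex, err = compile_check(pattern)
    if regex is None:
        raise ValueError(f"pattern does not compile: {err}")
    return [p for p in installed_patches(showrev_text) if regex.fullmatch(p)]

def accepted_revisions(pattern, candidates):
    """Return the candidate patch ids the pattern accepts (assumes it compiles)."""
    return [c for c in candidates if re.fullmatch(pattern, c)]

if __name__ == "__main__":
    for name, pat in (("shipped", SHIPPED), ("fixed", FIXED)):
        regex, err = compile_check(pat)
        print(name, "OK" if regex else f"invalid: {err}")
    print(patches_satisfying(FIXED, SHOWREV))
    # The pattern excludes revision -00 and accepts -01 through -99.
    print(accepted_revisions(FIXED, ["143502-00", "143502-01", "143502-10", "143502-99"]))
```
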

© 1995 - 2009 eEye Incorporated