I'm trying to lock down an Ubuntu 20.04 image by removing vulnerable packages we don't use. I've run a Nessus Advanced Network Scan with the SSH login credentials and it found a number of issues, for instance "Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Vim vulnerabilities (USN-6026-1)" (https://ubuntu.com/security/notices/USN-6026-1). So I removed vim using:

sudo apt-get purge vim

rebooted the device and reran the scan. But I'm still getting the same issue. The security notice https://ubuntu.com/security/notices/USN-6026-1 only mentions vim, it doesn't give the name of any other packages that need to be removed. How can I resolve this?

vim isn't the only package I'm having this problem with; I also see it for others (ceph, cups-filters, libreoffice, etc.).

parsley72

  • This is probably a question for Nessus devs. Most so-called security scanners have false positives, which is obviously the case here. File a bug report, or contact someone at nessus.whatever, or just let it be. – mikewhatever Mar 22 '24 at 18:25
  • I can't create a login to their website. – parsley72 Mar 22 '24 at 21:52
  • Why the heck would vim be a security hazard?! All you are doing here is making it more difficult for you to edit files. You should differentiate between 2 situations: outside threat: server software like apache, mysql: do not install those if you do not use them. OR disable the service and only use it when you need it. The other is internal, and if you do not trust family/co-workers you will need to stand behind their back when they use the system: a reboot into a live session gives root access, so pretty worthless to worry about security. Use a decent password for your admin for a 1st barrier. – Rinzwind Mar 23 '24 at 16:41
  • Regarding https://ubuntu.com/security/notices/USN-6026-1: see all the CVEs and you will notice all have been fixed, so as long as you have updated all security updates your vim is updated. That "scan" is showing false positives. – Rinzwind Mar 23 '24 at 17:05
  • Note also you may want to read the USN and indicate that those are fixed. Nessus does NOT check the actual installed package version against known patches; you need Nessus Pro with credentialed login for that to function. – Thomas Ward Mar 24 '24 at 00:09

1 Answer

I can't figure out how to do this in the UI, but if I export the report as a PDF then under the issue:

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Vim vulnerabilities (USN-6026-1)

there's a subsection "Assets" with:

  • Installed package: xxd_2:8.1.2269-1ubuntu5.11
  • Fixed package: xxd_2:8.1.2269-1ubuntu5.14

Removing xxd removes the vim issues from the next scan.

parsley72
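The "Installed package / Fixed package" pair in the report is the whole check: each installed binary built from the vim source package (xxd here) has its version compared with the fixed version from the USN, so the finding stays as long as any such binary remains at an older version. As an added example, not code from the asker or from Tenable, the Python below reproduces that check offline with a port of dpkg's version-ordering rules, over a constructed listing in the format `dpkg-query -W -f '${binary:Package} ${Version} ${source:Package} ${db:Status-Status}\n'` prints; the vim-common and cups-filters rows are assumed sample data.

```python
def _order(c):  # dpkg per-character ordering: digits 0, letters by code point, '~' sorts first
    return 0 if c.isdigit() else ord(c) if c.isalpha() else -1 if c == "~" else ord(c) + 256
def _cmp_fragment(a, b):
    # Port of dpkg's verrevcmp(): alternately compare non-digit runs and numeric runs
    ia = ib = 0
    while ia < len(a) or ib < len(b):
        first_diff = 0
        while (ia < len(a) and not a[ia].isdigit()) or (ib < len(b) and not b[ib].isdigit()):
            oa = _order(a[ia]) if ia < len(a) else 0  # end of string orders as 0
            ob = _order(b[ib]) if ib < len(b) else 0
            if oa != ob:
                return oa - ob
            ia, ib = ia + 1, ib + 1
        while ia < len(a) and a[ia] == "0": ia += 1  # leading zeros are insignificant
        while ib < len(b) and b[ib] == "0": ib += 1
        while ia < len(a) and a[ia].isdigit() and ib < len(b) and b[ib].isdigit():
            first_diff = first_diff or ord(a[ia]) - ord(b[ib])
            ia, ib = ia + 1, ib + 1
        if ia < len(a) and a[ia].isdigit(): return 1  # the longer number is larger
        if ib < len(b) and b[ib].isdigit(): return -1
        if first_diff: return first_diff
    return 0

def _split(v):
    # "[epoch:]upstream[-revision]" -> (int epoch, upstream, revision)
    epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision
def compare_versions(a, b):
    """Negative, zero or positive, like `dpkg --compare-versions a lt|eq|gt b`."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    return (ea - eb) or _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def vulnerable_packages(listing, fixed_by_source):
    """Installed binaries whose source package has a USN fix newer than what is installed."""
    hits = []
    for line in listing.splitlines():
        binary, installed, source, status = line.split()
        fixed = fixed_by_source.get(source)
        if status == "installed" and fixed and compare_versions(installed, fixed) < 0:
            hits.append((binary, installed, fixed))
    return hits

# Constructed sample: xxd (built from the vim source package) is still installed after purging vim,
# at the version Nessus reported; the vim-common and cups-filters rows are hypothetical.
SAMPLE_LISTING = """xxd 2:8.1.2269-1ubuntu5.11 vim installed
vim-common 2:8.1.2269-1ubuntu5.14 vim installed
cups-filters 1.27.4-1 cups-filters installed"""
USN_6026_1_FIXED = {"vim": "2:8.1.2269-1ubuntu5.14"}  # "Fixed package" version from the Nessus report
```

Run on a real host by piping the dpkg-query output into `vulnerable_packages` together with the fixed versions listed in the USN; any row returned is a binary package that will keep triggering the finding until it is upgraded or removed.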