Crazy screen flicker after import of OpenVAS scan results

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Scan a host with OpenVAS. (I used Metasploitable in VBox as the target).
2. Using Greenbone Security Assistant (Web Site) download the results as an XML 
file.
3. WARNING: If you are epileptic I would suggest not doing this next part! 
-Import the results using the "Import and auto-detect file" menu option.
4. Craziness.

What is the expected output? What do you see instead?
I would expect to see the scan imported. Instead there is a crazy screen 
flicker and unless I kill the process from a remote ssh session, there is a 
total loss of control of the machine.

What version of Metasploit are you using (type: svn info)? On which
operating system?
msf > svn info
[*] exec: svn info

Path: .
URL: https://www.metasploit.com/svn/framework3/trunk
Repository Root: https://www.metasploit.com/svn
Repository UUID: 4d416f70-5f16-0410-b530-b9f4589650da
Revision: 13717
Node Kind: directory
Schedule: normal
Last Changed Author: scriptjunkie
Last Changed Rev: 13717
Last Changed Date: 2011-09-10 23:47:01 -0400 (Sat, 10 Sep 2011)

...on Backtrack 5 (In VBox)

root@bt:~# uname -a
Linux bt 2.6.39.4 #1 SMP Wed Aug 17 21:42:30 EDT 2011 x86_64 GNU/Linux

Which database are you using?

Postgres

Please provide any additional information below.

root@bt:/pentest/miscellaneous/openvas# ./openvas-check-setup.sh 
openvas-check-setup 2.0.6
  Test completeness and readiness of OpenVAS-4

  Please report us any non-detected problems and
  help us to improve this check routine:
  http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss

  Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.

  Use the parameter --server to skip checks for client tools
  like GSD and OpenVAS-CLI.

Step 1: Checking OpenVAS Scanner ... 
        OK: OpenVAS Scanner is present in version 3.2.3.
        OK: OpenVAS Scanner CA Certificate is present as /usr/local/var/lib/openvas/CA/cacert.pem.
        OK: NVT collection in /usr/local/var/lib/openvas/plugins contains 22998 NVTs.
Step 2: Checking OpenVAS Manager ... 
        OK: OpenVAS Manager is present in version 2.0.4.
        OK: OpenVAS Manager client certificate is present as /usr/local/var/lib/openvas/CA/clientcert.pem.
        OK: OpenVAS Manager database found in /usr/local/var/lib/openvas/mgr/tasks.db.
        OK: Access rights for the OpenVAS Manager database are correct.
        OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled.
        OK: OpenVAS Manager database is at revision 41.
        OK: OpenVAS Manager expects database at revision 41.
        OK: Database schema is up to date.
        OK: OpenVAS Manager database contains information about 22998 NVTs.
        OK: xsltproc found.
Step 3: Checking OpenVAS Administrator ... 
        OK: OpenVAS Administrator is present in version 1.1.1.
        OK: At least one user exists.
        OK: At least one admin user exists.
Step 4: Checking Greenbone Security Assistant (GSA) ... 
        OK: Greenbone Security Assistant is present in version 2.0.1.
Step 5: Checking OpenVAS CLI ... 
        OK: OpenVAS CLI version 1.1.2.SVN.r.
Step 6: Checking Greenbone Security Desktop (GSD) ... 
        OK: Greenbone Security Desktop is present in Version 1.2.0.
Step 7: Checking if OpenVAS services are up and running ... 
        OK: netstat found, extended checks of the OpenVAS services enabled.
        OK: OpenVAS Scanner is running and listening on all interfaces.
        OK: OpenVAS Scanner is listening on port 9391, which is the default port.
        WARNING: OpenVAS Manager is running and listening only on the local interface. This means that you will not be able to access the OpenVAS Manager from the outside using GSD or OpenVAS CLI.
        SUGGEST: Ensure that OpenVAS Manager listens on all interfaces.
        OK: OpenVAS Manager is listening on port 9390, which is the default port.
        OK: OpenVAS Administrator is running and listening only on the local interface.
        OK: OpenVAS Administrator is listening on port 9393, which is the default port.
        WARNING: Greenbone Security Assistant is running and listening only on the local interface. This means that you will not be able to access the Greenbone Security Assistant from the outside using a web browser.
        SUGGEST: Ensure that Greenbone Security Assistant listens on all interfaces.
        OK: Greenbone Security Assistant is listening on port 9392, which is the default port.

It seems like your OpenVAS-4 installation is OK.

If you think it is not OK, please report your observation
and help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze 
the problem.

Original issue reported on code.google.com by NickPoor...@gmail.com on 11 Sep 2011 at 10:38

[GoogleCodeExporter]

Here is the dmesg in case it's useful.

Original comment by NickPoor...@gmail.com on 11 Sep 2011 at 10:40

Attachments:

• dmesg.txt

[GoogleCodeExporter]

Here is the xml file as well to reproduce the problem. (Attached)

Original comment by NickPoor...@gmail.com on 11 Sep 2011 at 11:18

Attachments:

• BUG-report-902809ca-1ca1-497d-b7c0-5c6cc3ce7e9d.xml

[GoogleCodeExporter]

I'm curious to see what this does, but I wish more people would provide the raw 
file to import when reporting problems like this. It's too much to ask for me 
to install OpenVAS, setup a fake network, and scan away hoping to reproduce the 
problem. I'll look at this tomorrow and report my findings here. Thanks again 
for doing this the right way.

Original comment by rsmu...@gmail.com on 12 Sep 2011 at 1:10

[GoogleCodeExporter]

Wow, I was able to reproduce that one. Made me want to dance or fall onto the 
floor in a strange trance. Very weird.

Original comment by rsmu...@gmail.com on 25 Sep 2011 at 9:14

[GoogleCodeExporter]

Okie, so I found the problem. When a metasploit method fails, Armitage displays 
everything that was sent to the method as well as the error received. 

Metasploit signaled an error because it was unable to detect this file as an 
OpenVAS report. If it's legit, I recommend that you file a bug with the 
Metasploit team at dev.metasploit.com.

I've modified Armitage to only display the called method name and the error 
message now. Next time an import fails, you won't see this crazy disco mode.

Original comment by rsmu...@gmail.com on 26 Sep 2011 at 3:26

• Changed state: Fixed