I've scanned a fresh Debian Squeeze box (authenticated scan) where nagios3 is installed and the qualys scan report shows a vulnerability 5 for CVE-2012-6096
Looking at https://security-tracker.debian.org/tracker/CVE-2012-6096, it says that the vulnerability has been fixed for squeeze and it is the nagios security package 3.2.1-2+squeeze1
The following shows the installed packages on the box and it shows i should have the patched version.
ii nagios3 3.2.1-2+squeeze1 A host/service/network monitoring and management system
ii nagios3-cgi 3.2.1-2+squeeze1 cgi files for nagios3
ii nagios3-common 3.2.1-2+squeeze1 support files for nagios3
ii nagios3-core 3.2.1-2+squeeze1 A host/service/network monitoring and management system core files
Should Qualys be able to detect that the security vulberability has been fixed ? I'm doing an authenticated scan so qualys has access to the debian dpkg and should be able to find out that the package has been patched.
Thanks in advance for any information you may have!