Does it mean that if you have no admin rights on the target host,
although you selected to check this, it will not run?
How do I execute the check with admin rights? Isn't it dangerous to execute
the check with admin rights where the scan traffic is all in clear (plain
text)?
I was also very curious about this particular check 'MssqlPreauthBo' which
requires admin rights too. The actual exploit for this doesn't require any
admin rights; if your TCP port 1433 is open and no correct patch is
applied, it should be vulnerable. Can you explain why this particular
check 'MssqlPreauthBo' needs admin rights?
In this case, if checks are not being run (because without admin rights), it
won't reflect the actual vulnerability state of the machine, and most
critical ISS checks require admin rights. Can someone please answer me??
Regards,
Cindy
From: "Rouland, Chris (ISSAtlanta)" <[EMAIL PROTECTED]>
Sent by: issforum-admin@iss.net
Date: 01/27/2003 04:52 AM
To: "Stephen Tihor" <[EMAIL PROTECTED]>, "ISS XForce" <[EMAIL PROTECTED]>
cc: <[EMAIL PROTECTED]>
Subject: RE: [ISSForum] ISS Security Brief: Microsoft SQL Slammer Worm Propagation
Stephen,
The MssqlMs02039Patch (SecChkId 9666) check for Internet Scanner works
by reading the path to where SQLServer is installed and then gets the
version resource from ssnetlib.dll. If the version is less than 636, we
flag the target as vulnerable.
You will need admin rights on the target to detect this.
-Chris
-----Original Message-----
From: Stephen Tihor [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 25, 2003 2:14 PM
To: ISS XForce
Cc: [EMAIL PROTECTED]
Subject: Re: [ISSForum] ISS Security Brief: Microsoft SQL Slammer Worm
Propagation
Interestingly enough, I have ISS internet scanner up to date with all
XPU's and scanned a machine Friday which turned out to be vulnerable
today. It was a stable production node so I doubt they enabled anything
new. Which suggests the ISS was not on point or was a Denial of Service
test since those were not run against the machine being tested. Could
someone tell me which was the case?
_______________________________________________
ISSForum mailing list
[EMAIL PROTECTED]
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo