On Tue, Feb 05, 2002 at 11:26:19AM -0600, Troy Perkins wrote:
Hi,
I did not see the parameters of the test, so the following is my
intuition and has to be taken with a grain of salt :
> This article states that the following vulnerabilities are not found by
> Nessus:
> -Domain Controller Request DoS
> -Malformed RPC Packet
> -Packaging Anomaly
> -Virtualized UNC Shares
I guess Mandy did not give any NT credential to Nessus (as done in the
'Prefs.' section of the panel) while the others scanners (ISS, Retina)
were given those (through the fact that she was logged as administrator
in NT). As a result, Nessus could not dig into the remote registry to
determine wether the hotfixes were applied or not.
> -Malformed WebDAV Attack
> -wu-ftpd format string debug set
> -wu-ftpd file globbing
> -sendmail maillocal
> -OpenSSH UseLogin
I don't understand those either.
-- Renaud
