On Thu, Apr 11, 2002 at 08:14:16AM +0200, BOUR Daniel wrote:
> I have exactly the same problem.
> Nessus gets a Null session vulnerability with RA=2 under W2K.
> When I try a Null connection to the server, it can't connect.
> I'm using nessus 1.0.10, but I had the same problem with the previous stable version.
> I tried with nessus 1.1.14, and it found a Null session vulnerability.
> Is that a false positive in Nessus?

No. It turns out that with RA=2, it is possible to log into a remote
host networkwise (meaning that when a null login/password is sent, no
error message is sent back), but nothing else can be done. See that as a
valid unix username/password with /bin/cat as a shell (the point
being that a null session gets past the authentication phase).

I don't know if I should change the plugin to make sure IPC$ can be
reached. On the one hand, this would fix this inconvenience, but OTOH
maybe we'll discover in the future that a null session with RA=2
can access a weird pipe or crash the remote server by doing some weird
request or do whatever stuff I don't want to think about.  Comments are
welcome.



                                -- Renaud
