We've noted for a while now that this test is
tripping a LOT of false positives. We're not quite
sure why, other than we note some REALLY odd things
happening if that script gets run manually with
nasl -t IP iis_webdav_lock_memory_leak.nasl
In the above case, you'll get part of the actual
test script code echoed out to the terminal.
False positives have been confirmed on servers not
running IIS (e.g. Apache), and on systems where
there isn't even a webserver running at all.
I attempted to look at why the script was echoing
code to the terminal, but didn't have a lot of luck.
An example of a failure as indicated above is shown
below.
Thomas
[root@me /root]# cd /usr/local/lib/nessus/plugins
[root@me plugins]# nasl -t 192.168.1.2 iis_webdav_lock_memory_leak.nasl
iis_webdav_lock_memory_leak.nasl : Warning : evaluating unknown variable
- description
IIS 5 is online but service Pack could not be determined.
Please check that SP2 is correctly installed to prevent the WebDav
Memory Leakage DOS vulnerability.
Solution : SP2 and hotfix are available at
http://www.microsoft.com/windows2000/downloads/servicepacks/sp2/default.asp.
Risk factor : High
iis_webdav_lock_memory_leak.nasl : Warning : evaluating unknown variable - "
IIS 5 is online but the Service Pack 2 doesn't seem to be installed.
The WebDav Memory Leakage DOS vulnerability can potentially put the
server to its knees.
Solution : SP2 and hotfix are available at
http://www.microsoft.com/windows2000/downloads/servicepacks/sp2/default.asp.
Risk factor : High";security_hole(port:port,data:report);}}
[root@me plugins]#
-
[EMAIL PROTECTED]: general discussions about Nessus.
* To unsubscribe, send a mail to [EMAIL PROTECTED] with
"unsubscribe nessus" in the body.
- Re: bug in iis_webdav_lock_memory_leak.nasl Thomas Reinke
- Re: bug in iis_webdav_lock_memory_leak.nasl George A. Theall
