On Fri, Jan 31, 2003 at 08:00:24AM -0500, Bishop, Dean wrote:
> Good morning,
>
> i am just putting a nessus server together for production use and need a
> bit of help understanding.
>
> i have run nessus scans this week after the SQL-Slammer scare on a few
> machines that i believe to be vulnerable. i updated my plugins 2 days ago
> just before my last scan and enabled all plugins (even dangerous ones).
> Even still i don't see any SQL vulnerabilities. What am i missing?
>
> i saw a post within the last 24h that indicated that to get SQL version
> info you need an admin level account. Is this also true for the SQL-Slammer
> (and other) plugins?
No. The SQL slammer check does not need any credentials. However,
there's a plugin which retrieves the version number of the remote SQL
host, and it needs credentials, but that's unrelated.
How did you update your plugins ? Did you restart nessusd ? What appears
in the report regarding SQL ?
-- Renaud
