On Thu, Apr 03, 2003 at 04:11:55PM +1200, Jason Haar wrote: > smtp_relay.nasl still misdiagnoses relaying on Qmail servers. Qmail doesn't > do real address parsing until after it has accepted the message, so it would > bounce later. Secondly, I ran it against an internal Qmail server, and it > obviously did allow me to relay - as Nessus was running on an internal host. [...] > Secondly, it misdiagnoses how xinetd handles multiple FTP connections. > goodtech_ftpd_dos.nasl classified a perfectly good vsftp server as having a > "Serious" security hole because xinetd decided to start refusing FTP > connections from Nessus. I'd say that is a feature - not a bug :-) I've > already had a co-worker ask me why Nessus said their FTP server was "broken" > - I realised immediately it was just a DoS-limiting feature - but the > description of this test doesn't offer that as an option, and less > experienced SAs are left a bit needlessly worried.
Fixed and fixed in CVS, thanks.
