> Could you run the attached plugin in command-line mode and tell me
> what it outputs? (nasl -t target msrpc_dcom2.nasl).

Attached is another example that seemed to run cleanly:
bluepill:/lib/nessus/plugins# nasl -t 10.129.53.189 test.nasl
error1=0000000000
error2=0000000000
error3=0200000000
error4=2000000003
Success
Output from MS's 039 tool:
10.129.53.189: patched with KB824146 and KB823980
-----Original Message-----
From: Renaud Deraison <[EMAIL PROTECTED]>
Sent: Sep 11, 2003 1:19 PM
To: John Kapp <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: Re: MS RPC Patch (Mis-)Reporting
On Thu, Sep 11, 2003 at 02:23:45AM -0400, John Kapp wrote:
> Over the past couple weeks, I've had very good results using msrpc_dcom.nasl for
> testing for the MS03-026 patch. Now that we have started applying MS03-039, I'm
> getting inconsistent results with both the msrpc_dcom and dcom2 plugins. After
> applying the 039 patch, about 20% of the systems that I scan are reported as being
> vulnerable by both the dcom and dcom2 plugins. Microsoft's KB824146 scanner
> accurately reports that both patches have been installed on these same systems.
Could you run the attached plugin in command-line mode and tell me
what it outputs? (nasl -t target msrpc_dcom2.nasl).

What operating system is running on the hosts which are supposed to be
patched?

Also, note that msrpc_dcom.nasl won't work against a host with
MS03-039 applied, so make sure you are running version 1.9 and that BOTH
msrpc_dcom.nasl and msrpc_dcom2.nasl are enabled when you do a scan.
-- Renaud