On Thursday 11 September 2003 09:02 am, Hemsley, Trevor wrote: > I have a Windows NT 4.0 machine that is reporting false positives for this > test and for ms03-026.
I'm having the same problems with Windows NT 4.0. The patches for 026 and 039 are both installed and the PC was rebooted. When I run the msrpc_dcom2.nasl plugin v1.6 against it all I get back is "Success". I'll look into this further and can provide additional info if needed. Beirne > > This machine did have the 823980 patch on it this morning, I then took that > off and ended up reinstalling the entire machine to make it work again > (thanks MS). I scanned it with neither patch applied and msrpc_dcom2.nasl > reports that both are missing (correctly). I then applied the latest patch > since 823980 is not on the Windows Update list any more. It now reports > that both ms03-026 and ms03-039 are not applied even though ms03-039 is. I > ran the test plugin against it and it reports > > error1=0000000000 > error2=0000000000 > error3=0200000000 > error4=2000000003 > Success > > msrpc_dcom.nasl also fires and reports this machine as vulnerable with the > ms03-039 patch on. > > -----Original Message----- > From: John Kapp [mailto:[EMAIL PROTECTED] > Sent: 11 September 2003 13:11 > To: Renaud Deraison; [EMAIL PROTECTED] > Subject: Re: MS RPC Patch (Mis-)Reporting > > > Could you run the attached plugin in command-line mode and tell me > > what it outputs ? (nasl -t target msrpc_dcom2.nasl). > > In the output below, test.nasl is the plugin that you sent in your e-mail. > msrpc_dcom2.nasl is the production plugin. > > bluepill:/lib/nessus/plugins# nasl -t 10.129.53.61 test.nasl > error1=5401048000 > error2=0240008000 > error3=0200000000 > error4=2000000003 > [19417] plug_set_key:send(0)['1 SMB/KB824146=1; > '](0 out of 18): Socket operation on non-socket > > bluepill:/lib/nessus/plugins# nasl -t 10.129.53.61 msrpc_dcom2.nasl > [19418] plug_set_key:send(0)['1 SMB/KB824146=1; > '](0 out of 18): Socket operation on non-socket > > bluepill:/lib/nessus/plugins# nasl -t 10.129.53.61 msrpc_dcom.nasl > Success > > C:\Program Files\KB824146Scan>KB824146Scan.exe 10.129.53.61 > > Microsoft (R) KB824146 Scanner Version 1.00.0249 for 80x86 > Copyright (c) Microsoft Corporation 2003. All rights reserved. > > <+> Starting scan (timeout = 5000 ms) > > Checking 10.129.53.61 > 10.129.53.61: patched with KB824146 and KB823980 > > <-> Scan completed > > > What operating system is running on the hosts which are supposed to be > > patched ? > > I'm about 90% certain that they are XP Pro SP1. I can try to get better > info if it's important. > > Regards, > John -- Beirne "Bern" Konarski [EMAIL PROTECTED] "Untouched by Scandal"
