Renaud,

It pretty sure looks like a FP. The reason being, this customer has two identical WIN 2K servers running IIS 5 and only one of them is showing positive results for this plugin. The only difference between these two servers is the cert authority. One has a Verisign cert and one has a Thawte cert. The one with the Thawte cert is showing the positive results. The confusing part is that this server is using the native Windows implementation of SSL and not OpenSSL, so it should not come out positive at all as far as I think.
Please throw some light on this if I am wrong in understanding this or if this is really a FP.

Thanks in advance,

Best Regards,
Keyur Lavingia

-----Original Message-----
From: Renaud Deraison [mailto:[EMAIL PROTECTED]
Sent: Monday, March 29, 2004 1:14 AM
To: '[EMAIL PROTECTED]'
Subject: Re: What is the difference in these plugins ?

On Sun, Mar 28, 2004 at 04:36:58PM -0500, Keyur Lavingia wrote:
> Hi All,
>
> Can someone tell me what the difference is between these two plugins ?
>
> 11060 and 12110

11060 tests for bugtraq id#5363. 12110 tests for bugtraq id#9899. 5363 allows someone to execute arbitrary code using OpenSSL, while 9899 allows someone to disable the service.

> When I do a scan, I get a false positive on 11060, but I want the
> description from 12110 as it's more accurate in that it says "Nessus
> solely relied on the banner ...."

11060 does not rely on the banner, it relies on the behavior of the remote SSL implementation. Are you sure it's a false positive ?

--
Renaud
_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
