I'm writing to ask if anyone can answer a question or two I have about xfs_overflow.nasl. I've grepped the archives of both plugin-writers and this list, so forgive me if I've overlooked the answers.

After looking at the code as it comes out of the box, it is obvious that only one of the two code blocks is ever run. Some of the comments/code lead one to believe that this was meant to serve as an attack when safe checks are off, but I don't think the plugin was ever finished. What the plugin does do is check the knowledge base to see if port 7100 has the xfs service running, and then attempt a socket connection. If a socket is opened, a warning is given and the plugin exits. Otherwise nothing is done.

Running nmap's service identifier, which I'm assuming is the same method of service identification Nessus uses, one will get this back:

7100/tcp open font-service Sun Solaris fs.auto

with no version of the service or any other distinguishing feature.

I've read the CAN for this vulnerability and looked at some of the references, and it seems that only Sun boxes and some other commercial Unixes are vulnerable, and everyone with such a system is advised to get a vendor patch.

That said, my question is this: does the patch shut the port down altogether, or does it just fix the buffer overflow, leaving this nasl to kick back a false positive?

Thanks,
Alex Brugh

_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
