Could you send us the following information :
- Ethereal/tcpdump trace (when you scan a patched system for this flaw).
- Windows 2003 system description (enterprise, standard ?)
- version of file C:\WINDOWS\system32\drivers\srv.sys .
Thanks,
Nicolas
PS: you can send this information in private if you want.
On Jun 28, 2005, at 8:52 AM, Miles B.L. wrote:
Hello,
I recently scanned a windows 2003 server (SP1) with Nessus and it
reported it was vulnerable to the Server Message
Block (SMB) implementation flaw as described in MS05-027 and tested
for
by plugin 18502.
On checking with the system adminstrator, he confirmed the system had
the patch (896422) described in MS05-027 applied and that the
Mircrosoft
Baseline security analyser confirmed the system was not vulnerable.
My conclusion - either the patch doesn't resolve the vulnerability
(unlikely) or the plugin has reported a false positive for some reason
(more likely)?
Has anyone else come across this problem?
How do we report this to someone to check and fix?
Thanks,
Brevan Miles
Information and Systems Security Co-ordinator,
Information Systems Services,
The University of Southampton,
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
