yes I did.
Shahid Sharif
From: Nicolas Pouvesle <[EMAIL PROTECTED]>
To: [email protected]
Subject: Re: Plugins 14818 & 11839 report false positives
Date: Thu, 20 Oct 2005 13:33:40 -0400
MIME-Version: 1.0 (Apple Message framework v734)
Received: from mail.nessus.org ([63.105.37.100]) by mc9-f25.hotmail.com with Microsoft SMTPSVC(6.0.3790.211); Thu, 20 Oct 2005 10:35:17 -0700
Received: from localhost (localhost [127.0.0.1])by mail.nessus.org (Postfix) with ESMTP id EB77E13801;Thu, 20 Oct 2005 13:35:02 -0400 (EDT)
Received: from mail.nessus.org ([127.0.0.1]) by localhost (raccoon.nessus.org [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 96941-01-10; Thu, 20 Oct 2005 13:34:57 -0400 (EDT)
Received: from raccoon.nessus.org (mail.nessus.org [63.105.37.104])by mail.nessus.org (Postfix) with ESMTP id 6EF31137F4;Thu, 20 Oct 2005 13:34:50 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1])by mail.nessus.org (Postfix) with ESMTP id ECA36137DEfor <[email protected]>; Thu, 20 Oct 2005 13:34:46 -0400 (EDT)
Received: from mail.nessus.org ([127.0.0.1])by localhost (raccoon.nessus.org [127.0.0.1]) (amavisd-new, port 10024)with LMTP id 97005-01-6 for <[email protected]>;Thu, 20 Oct 2005 13:34:43 -0400 (EDT)
Received: from vmail2.tellurian.net (vmail2.tellurian.net [216.182.1.14])by mail.nessus.org (Postfix) with ESMTP id A7252137C3for <[email protected]>; Thu, 20 Oct 2005 13:34:43 -0400 (EDT)
Received: from [172.20.101.136] (66-240-11-2.isp.comcastbusiness.net[66.240.11.2]) by vmail2.tellurian.net ([216.182.1.14] Tellurian Networks Mail Serverversion 3.5b3-3) with ESMTP id 85252165 for <[email protected]>; Thu, 20 Oct 2005 13:33:40 -0400
>
>On Oct 20, 2005, at 1:12 PM, Shahid Sharif wrote:
>
>>I ran a scan against an XP machine and nessus reported:
>>
>>148180It was possible to log into the remote host with the login
>>'X' and a blank password. A widely available exploit, using one of
>>the vulnerabilities described in the Microsoft Bulletin MS04-028
>>creates such an account. This probably mean that the remote host
>>has been compromised by the use of this exploit. See also : http://
>>www.microsoft.com/technet/security/Bulletin/MS04-028.mspx Solution
>>: Re-install this host, as it has been compromised CVE :
>>CAN-2004-0200
>>
>>
>>
>>118390It was possible to log into the remote host with the login
>>'e' and the password 'asd#321'. A widely available exploit, using
>>one of the vulnerabilities described in the Microsoft Bulletin
>>MS03-039 creates such an account. This probably mean that the
>>remote host has been compromised by the use of this exploit. See
>>also : http://www.microsoft.com/technet/security/bulletin/
>>ms03-039.mspx Solution : Re-install this host, as it has been
>>compromised CVE : CAN-2003-0528 BID : 8459
>>
>>
>>When we used other tools to test this system, we found nothing
>>wrong at all.
>>
>>What could be causing this exposure to be triggered?
>>
>
>Did you set the option "enable plugin dependencies" ?
>
>
>Nicolas
>_______________________________________________
>Nessus mailing list
>[email protected]
>http://mail.nessus.org/mailman/listinfo/nessus
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
