On Thu, Dec 08, 2005 at 09:10:27AM -0500, Moessbauer, David W. wrote: > I have left the default scan settings as they were (as I noted, I'm new > to nessus - haven't yet taken time to play around with them), I set the > Target to localhost, and let it run for all plugins provided with the > 2.6.6 install. I have not yet update the plugins, as this is a > classified machine, and have not taken time to download and transfer. ... > Uncertain exactly how to easily determine which plugin is reporting this > (newbie issues).
Some output formats will display the plugin it; for others, you're generally better off as a newbe just including the full text of the reports, minus any sensitive information. But given what you said you did, it appears that the plugins involved were SHN_MySQL_Privilege_Escalation.nasl, mysql_buff_overflow.nasl, and mysql_hotcopy_tempfile.nasl as they all include the text "running a version of MySQL" and are distributed along with the source. Each of those three should actually be getting the MySQL version number from a banner after connecting to a MySQL daemon; ie, they shouldn't be false-positives. Can you rerun the scan, select just those three plugins (be sure, though, to enable dependencies), and send me privately a packet dump of traffic on 127.0.0.1 involving port 1241 (or whatever port nessusd runs on)? Another possibilitity is to enable KB saving and send me the knowledge base, which is located in something like /usr/local/var/nessus/user/$user/kb/$target, where $user is the Nessus username running the scan and $target is the target you specify for the scan. George -- [EMAIL PROTECTED] _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
