I'm working on an assessment, with Nessus 3.0.2. I have 'Safe Checks' chosen, and have unchecked the Denial of Service category....to give you an idea of the plugins I have enabled. Very default scan...
At some point during the scanning of a specific IP, which just happened to house a Document Management app, a dump occured, the primary service associated with the doc management application stopped.....which is very bad.
Here's what the client's app engineer sent me, regarding the event logs generated during the scanning period, and his concerns:
********************************************************************************
Here's the major
thing I see. There were 3 dumps around this time:
3:13:
Access violation: instruction address: 77f4989a reason READ, access address 24 handler file D:\CM\projects\DMServer_5105_sr5\source\Server\PCDut32\PCDWorkerThread.cpp handler line number 211, dump file in C:\Program Files\Hummingbird\DM Server\DMServer_2006-09-19_19-13-46-0536_GMT.DMP
Found DM server service stopped @ 4:37. Restarted, DM functionality not restored. Manual restart of server 4:45. service restored.
The key thing we need to ensure is that no buffers are being overrun at any level. If even a small buffer overrun is attempted for the sake of determining if a larger exploit is possible, this is not viable during business hours.
I can gather more information tomorrow morning regarding the application that's being used. Is there a way I can find out, perhaps for next time, through a Nessus log that shows what time a specific IP was scanned for a plugin, with the associated result, whether or not it produced an alert?
Help is appreciated....this client is insisting that we discontinue the assessment until it's verified that Nessus did or did not cause this application to die.
--
-->j
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
