Sorry for the wrong copy-paste. On the server I scanned, both plugins said that the server is vulnerable: ms06-035 AND ms06-040
__________________________________________________________________________________

Vulnerability microsoft-ds (445/tcp)

Synopsis :
Arbitrary code can be executed on the remote host due to a flaw in the 'server' service.

Description :
The remote host is vulnerable to a buffer overrun in the 'Server' service which may allow an attacker to execute arbitrary code on the remote host with the 'System' privileges.

Solution :
Microsoft has released a set of patches for Windows 2000, XP and 2003 :
http://www.microsoft.com/technet/security/bulletin/ms06-040.mspx

Risk factor :
Critical / CVSS Base Score : 10 (AV:R/AC:L/Au:NR/C:C/A:C/I:C/B:N)
CVE : CVE-2006-3439
BID : 19409
Nessus ID : 22194
__________________________________________________________________________________

Vulnerability microsoft-ds (445/tcp)

Synopsis :
Arbitrary code can be executed on the remote host due to a flaw in the 'server' service.

Description :
The remote host is vulnerable to heap overflow in the 'Server' service which may allow an attacker to execute arbitrary code on the remote host with the 'System' privileges. In addition to this, the remote host is also vulnerable to an information disclosure vulnerability in SMB which may allow an attacker to obtain portions of the memory of the remote host.

Solution :
Microsoft has released a set of patches for Windows 2000, XP and 2003 :
http://www.microsoft.com/technet/security/bulletin/ms06-035.mspx

Risk factor :
Critical / CVSS Base Score : 10 (AV:R/AC:L/Au:NR/C:C/A:C/I:C/B:N)
CVE : CVE-2006-1314, CVE-2006-1315
BID : 18891, 18863
Nessus ID : 22034
__________________________________________________________________________________

And I ran both plugins through nasl: both ended with a "not vulnerable" diagnostic. I suppose that it's due to the fact that the OS is not recognized when the plugin is launched standalone:

..........................
[15071]() NASL> [002bc6b8] <- "Host/OS/smb"
[15071](/tools/nessus/lib/nessus/plugins/smb_kb917159.nasl) NASL> Call get_kb_item(1: "Host/OS/smb")
[15071](/tools/nessus/lib/nessus/plugins/smb_kb917159.nasl) NASL> Return get_kb_item: NULL
[15071]() NASL> [002bdac0] <- undef
NASL:0159> if ("Windows" >!< os) { ... } <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
[15071](/tools/nessus/lib/nessus/plugins/smb_kb917159.nasl) NASL> [002bdac0] -> undef
NASL:0157> exit(...)
[15071]() NASL> [002bc6b8] <- 0
[15071](/tools/nessus/lib/nessus/plugins/smb_kb917159.nasl) NASL> Call exit(1: 0)
[15071](/tools/nessus/lib/nessus/plugins/smb_kb917159.nasl) NASL> Return exit: 0

Is there a way to force the plugin to check the vuln anyway? I have to do this because it seems that it is a false positive, and I want to check (and eventually show to the admins) the data exchanged between nessus and the server.

Cordialement / Mit freundlichen Grüßen / Best regards,
_____________________________________________
Patrice Arnal
ISS - DataCenter – E&S
Mailto: [EMAIL PROTECTED]
_____________________________________________
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
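An added example, not part of the original message and not code from the Nessus project: a small Python parser for the kind of nasl trace quoted above, which lists the knowledge-base items that get_kb_item returned as NULL and the code the plugin passed to exit(). The function name summarize_trace and the sample trace (constructed from the lines in the message) are assumptions of this example.

```python
import re

# Constructed sample, modelled on the trace lines quoted in the message.
SAMPLE_TRACE = '''\
[15071]() NASL> [002bc6b8] <- "Host/OS/smb"
[15071](/tools/nessus/lib/nessus/plugins/smb_kb917159.nasl) NASL> Call get_kb_item(1: "Host/OS/smb")
[15071](/tools/nessus/lib/nessus/plugins/smb_kb917159.nasl) NASL> Return get_kb_item: NULL
NASL:0159> if ("Windows" >!< os) { ... }
[15071](/tools/nessus/lib/nessus/plugins/smb_kb917159.nasl) NASL> Call exit(1: 0)
[15071](/tools/nessus/lib/nessus/plugins/smb_kb917159.nasl) NASL> Return exit: 0
'''

CALL_RE = re.compile(r'^\[(\d+)\]\(([^)]*)\) NASL> Call (\w+)\((.*)\)\s*$')
RET_RE = re.compile(r'^\[(\d+)\]\(([^)]*)\) NASL> Return (\w+): (.*?)\s*$')
KEY_RE = re.compile(r'"([^"]*)"')


def summarize_trace(text):
    """Return (KB keys that came back NULL, first exit() code or None)."""
    pending = {}   # (pid, script) -> KB key of the get_kb_item in flight
    missing, exit_code = [], None
    for line in text.splitlines():
        m = CALL_RE.match(line)
        if m:
            pid, script, func, args = m.groups()
            if func == 'get_kb_item':
                key = KEY_RE.search(args)
                pending[(pid, script)] = key.group(1) if key else None
            elif func == 'exit' and exit_code is None:
                num = re.search(r':\s*(-?\d+)', args)
                exit_code = int(num.group(1)) if num else None
            continue
        m = RET_RE.match(line)
        if m and m.group(3) == 'get_kb_item':
            # Pair the return with the call made by the same process/script.
            key = pending.pop((m.group(1), m.group(2)), None)
            if key and m.group(4) == 'NULL' and key not in missing:
                missing.append(key)
    return missing, exit_code


if __name__ == '__main__':
    keys, code = summarize_trace(SAMPLE_TRACE)
    print('KB items not set:', keys, '| plugin exit code:', code)
```

A non-empty list together with an exit code of 0 means the plugin stopped on a missing knowledge-base entry before it sent any check to the target.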
