I'm not sure the winamp scanning routines are even being run. Here's what I did for testing:
1. Install 2 out-of-date programs on localhost, Winamp 5.24 and SeaMonkey 1.13. 2. Modify winamp_in_cdda_buffer_overflow.nasl and seamonkey_114.nasl, changing the script names slightly and adding security_note(port:kb_smb_transport(), data:"Checking X"); after the include(s). X=Winamp or SeaMonkey. 3. Delete .db and .xml files in the plugins directory and run build. 4. Start Nessus and verify that I see my modified script names in the plugins list. 5. Scan localhost with the following plugins: General: Host FQDN (12053) Port scanners: ping the remote host (10180) Settings: Do not scan printers (11933) Global variable settings (12288) Windows: 5 Nullsoft plugins (16204, 16199, 15817 modified version, 16152, 15952) Seamonkey < 1.1.4 (25842 modified version) 9 Winamp plugins (20826, 20973, 22921, 25770, 25956, 19217, 21733, 21738, 11530) Settings: Verbose, paranoid, auto enable dependencies, optimize test, thorough tests. In the results, I see the security note I added for SeaMonkey, but not the one for Winamp. I am totally confused. Should "SMB/Registry/Enumerated" be added to script_require_keys in winamp_in_cdda_buffer_overflow.nasl? _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
