On 10/22/07 14:31, [SiN] wrote: > The link given within the output from this plugin > "http://service.real.com/help/faq/security/bufferoverrun030303.html"; > says that this vulnerability "DOES NOT affect RealServer 8.02 or > later" but does recommend that users do upgrade to 9.0.1.
True. > I have a > client that says their server is 8.0.2 and not sure why they are > gatting alarmed with this vulnerability that does not seem to really > exist. Point him/her to the following vendor advisory: http://www.service.real.com/help/faq/security/rootexploit082203.html This is referenced by both CVE-2003-0725 / Bugtraq 8476, which the plugin in turn references. So while I don't agree that this is a false-positive, I do see how the description as it currently stands is misleading. I'll update it shortly. George -- [EMAIL PROTECTED] _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
