Odd - we never had a problem with the older pluin (commercial feed) on a couple different client's networks. Any reason why we didn't and he did? We are using the latest nessus server and client.
-Chris (Sent from my BlackBerry) Christopher B. Karr, CISSP UberGuard Information Security Consulting, LLC 91 Clinton St. Avon, NY 14414 P:(585) 226-2635 F:(585) 226-9329 C:(585) 703-9774 www.uberguard.com ----- Original Message ----- From: [EMAIL PROTECTED] <[EMAIL PROTECTED]> To: Discini, Sonny <[EMAIL PROTECTED]> Cc: [email protected] <[email protected]> Sent: Thu Oct 30 10:59:45 2008 Subject: Re: MS08-067 Plugins Crashing SVCHOST.EXE Sonny, Sorry to hear about this. Older versions of this plugin (pre 1.11) are supposed to be safe but in some corner cases, as Omen Wild reported, it could take down svchost.exe. We immediately worked with Omen about this and believe that version 1.11, which was pushed in the feed yesterday, fixes the problem for good (we're waiting for his latest tests though). Could you make sure that you're running version 1.11 of the plugin? I'd advise you to go as far as doing a nessusd -R on your scanners to make sure that you're running the very latest version. Thanks, -- Renaud On Oct 30, 2008, at 8:58 AM, Discini, Sonny wrote: > I've heard that others have run into trouble with the MS08-067 > plugins. > Right now, we've taken down about 2,500 hosts in our environment with > these plugins. > > ERROR FROM EVENT VIEWER: > Event Type: Error > Event Source: Application Error > Event Category: (100) > Event ID: 1000 > Date: 10/29/2008 > Time: 10:11:50 AM > Description: > Faulting application svchost.exe, version 5.1.2600.5512, faulting > module > netapi32.dll, version 5.1.2600.5512, fault address 0x00018ae1. > For more information, see Help and Support Center at > http://go.microsoft.com/fwlink/events.asp. > Data: > 0000: 41 70 70 6c 69 63 61 74 Applicat > 0008: 69 6f 6e 20 46 61 69 6c ion Fail > 0010: 75 72 65 20 20 73 76 63 ure svc > 0018: 68 6f 73 74 2e 65 78 65 host.exe > 0020: 20 35 2e 31 2e 32 36 30 5.1.260 > 0028: 30 2e 35 35 31 32 20 69 0.5512 i > 0030: 6e 20 6e 65 74 61 70 69 n netapi > 0038: 33 32 2e 64 6c 6c 20 35 32.dll 5 > 0040: 2e 31 2e 32 36 30 30 2e .1.2600. > 0048: 35 35 31 32 20 61 74 20 5512 at > 0050: 6f 66 66 73 65 74 20 30 offset 0 > 0058: 30 30 31 38 61 65 31 0018ae1 > > We have the latest Security Center with the latest build of Nessus on > RHEL 5. Our plugins are updated each night. > > If anyone has a solution or an expected fix date, please let me know. > > > Sonny > _______________________________________________ > Nessus mailing list > [email protected] > http://mail.nessus.org/mailman/listinfo/nessus > _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
