Hello Chris, Yes, this is an open vulnerability, not yet fixed. Though MS09-025 seems to be the solution, but there is no clear indication whether this is fixed yet.
We'll wait for the next release of Microsoft update which is tomorrow and then make necessary changes to this code. Thanks for noticing. Chandra. ________________________________________ From: [email protected] [mailto:[email protected]] On Behalf Of Chris Kolb Sent: Monday, August 10, 2009 2:38 AM To: [email protected] Subject: [Openvas-discuss] Error in secpod_ms_win_xp_spi_dos_vuln.nasl It seems that from my experience and taking a peek at the code in the secpod_ms_win_xp_spi_dos_vuln.nasl plugin that it will indicate an alert for any XP system that does not have SP4 installed. Since SP4 does not exist, an alert is triggered for every XP system. Am I misinterpreting something, or can anyone confirm that this is accurate? Chris Kolb Manager of Information Security GDSX, Ltd. Phone: 972-612-7121 Fax: 972-612-7021 Come see us this summer at NBTA in San Diego August 23 26! Booth #3019 Confidentiality Notice: This e-mail contains information that is confidential. It is intended for the exclusive use of the individual or entity to whom it is addressed. If you are not the named recipient, disclosure or distribution of the information transmitted herewith is strictly prohibited and may be subject to legal restriction or sanction. Please notify the sender, by return e-mail or telephone, of any unintended recipients and delete the original message without making any copies. _______________________________________________ Openvas-discuss mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
