How can this affect a fully patched Windows Server 2008R2 where netbios-ns (137/tcp) is for sure not open from the scanner IP, as well as any other port of the machine?
Neither telnet nor nmap confirms 137 open. That would mean OpenVAS is doing something special to get whatever response from the Windows machine while nmap says there is no open port, which would be much more critical than the CVE because of a major bug in the Windows firewall.
__________________________________________________________________

[root@openvas:~]$ /usr/bin/nmap -O -sV -T4 -d vcenter

Starting Nmap 6.25 ( http://nmap.org ) at 2013-06-14 20:11 CEST
PORTS: Using top 1000 ports found open (TCP:1000, UDP:0, SCTP:0)
--------------- Timing report ---------------
hostgroups: min 1, max 100000
rtt-timeouts: init 500, min 100, max 1250
max-scan-delay: TCP 10, UDP 1000, SCTP 10
parallelism: min 0, max 0
max-retries: 6, host-timeout: 0
min-rate: 0, max-rate: 0
---------------------------------------------
NSE: Using Lua 5.2.
NSE: Loaded 19 scripts for scanning.
Initiating ARP Ping Scan at 20:11
Scanning vcenter (xx.xx.xx.132) [1 port]
Packet capture filter (device eth0): arp and arp[18:4] = 0x005056BD and arp[22:2] = 0x3386
Completed ARP Ping Scan at 20:11, 0.02s elapsed (1 total hosts)
Overall sending rates: 51.96 packets / s, 2182.39 bytes / s.
Initiating Parallel DNS resolution of 1 host. at 20:11
mass_rdns: 0.00s 0/1 [#: 3, OK: 0, NX: 0, DR: 0, SF: 0, TR: 1]
Completed Parallel DNS resolution of 1 host. at 20:11, 0.00s elapsed
DNS resolution of 1 IPs took 0.00s. Mode: Async [#: 3, OK: 1, NX: 0, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating SYN Stealth Scan at 20:11
Scanning vcenter (xx.xx.xx.132) [1000 ports]
Packet capture filter (device eth0): dst host xx.xx.xx.107 and (icmp or icmp6 or ((tcp or udp or sctp) and (src host xx.xx.xx.132)))
Completed SYN Stealth Scan at 20:11, 21.07s elapsed (1000 total ports)
Overall sending rates: 94.93 packets / s, 4176.99 bytes / s.
Initiating Service scan at 20:11
Packet capture filter (device eth0): dst host xx.xx.xx.107 and (icmp or (tcp and (src host xx.xx.xx.132)))
Initiating OS detection (try #1) against vcenter (xx.xx.xx.132)
Retrying OS detection (try #2) against vcenter (xx.xx.xx.132)
NSE: Script scanning xx.xx.xx.132.
NSE: Starting runlevel 1 (of 1) scan.
Nmap scan report for vcenter (xx.xx.xx.132)
Host is up, received arp-response (0.00042s latency).
rDNS record for xx.xx.xx.132: <target-host>
All 1000 scanned ports on vcenter (xx.xx.xx.132) are filtered because of 1000 no-responses
MAC Address: 78:E7:D1:F5:A3:AC (Hewlett-Packard Company)
Too many fingerprints match this host to give specific OS details
TCP/IP fingerprint:
SCAN(V=6.25%E=4%D=6/14%OT=%CT=%CU=%PV=Y%DS=1%DC=D%G=N%M=78E7D1%TM=51BB5CEB%P=x86_64-unknown-linux-gnu)
U1(R=N)
IE(R=N)

Network Distance: 1 hop
Final times for host: srtt: 425 rttvar: 5000 to: 100000

Read from /usr/bin/../share/nmap: nmap-mac-prefixes nmap-os-db nmap-payloads nmap-service-probes nmap-services.
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 24.51 seconds
Raw packets sent: 2049 (94.700KB) | Rcvd: 1 (28B)
__________________________________________________________________

Medium (CVSS: 5.0)
NVT: Microsoft MS03-034 security check (OID: 1.3.6.1.4.1.25623.1.0.101015)

Under certain conditions, the response to a NetBT Name Service query may, in addition to the typical reply, contain random data from the target system's memory. This data could, for example, be a segment of HTML if the user on the target system was using an Internet browser, or it could contain other types of data that exist in memory at the time that the target system responds to the NetBT Name Service query.

An attacker could seek to exploit this vulnerability by sending a NetBT Name Service query to the target system and then examine the response to see if it included any random data from that system's memory.

Solution : Microsoft has released a patch to fix this issue, download it from the following website:

Windows Server 2003
http://www.microsoft.com/downloads/details.aspx?FamilyId=A59CC2AC-F182-4CD5-ACE7-3D4C2E3F1326&displaylang=en

Windows Server 2003 64 bit Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=140CF7BE-0371-4D17-8F4C-951B76AC3024&displaylang=en

Windows XP
http://www.microsoft.com/downloads/details.aspx?FamilyId=1C9D8E86-5B8C-401A-88B2-4443FFB9EDC3&displaylang=en

Windows XP 64 bit Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=378D4B58-BF2C-4406-9D88-E6A3C4601795&displaylang=en

Windows 2000
http://www.microsoft.com/downloads/details.aspx?FamilyId=D0564162-4EAE-42C8-B26C-E4D4D496EAD8&displaylang=en

Windows NT Server 4.0
http://www.microsoft.com/downloads/details.aspx?FamilyId=F131D63A-F74F-4CAF-95BD-D7FA37ADCF38&displaylang=en

Windows NT Server 4.0, Terminal Server Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=22379951-64A9-446B-AC8F-3F2F080383A9&displaylang=en
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
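An added example, not part of the original post and not code from OpenVAS or Nmap: NetBT Name Service queries are sent over UDP port 137, so before comparing an Nmap run with a scanner finding it helps to check which protocols that run actually probed. The sample text is constructed from the `-d` lines quoted in the post; the function names and the findings list are assumptions made for illustration.

```python
import re

# Constructed sample: coverage-relevant lines of an `nmap -d` run like the one quoted above.
SAMPLE = """\
PORTS: Using top 1000 ports found open (TCP:1000, UDP:0, SCTP:0)
Initiating SYN Stealth Scan at 20:11
All 1000 scanned ports on vcenter (xx.xx.xx.132) are filtered because of 1000 no-responses
"""

PORTS_RE = re.compile(r"PORTS: Using .*?\(TCP:(\d+), UDP:(\d+), SCTP:(\d+)\)")
DEFAULT_RE = re.compile(
    r"All (\d+) scanned ports on .* are (\S+) because of (\d+) no-responses")


def scan_coverage(nmap_output):
    """Number of ports nmap probed per protocol, read from its -d 'PORTS:' line."""
    m = PORTS_RE.search(nmap_output)
    if m is None:
        raise ValueError("no 'PORTS:' line found; rerun nmap with -d")
    return dict(zip(("tcp", "udp", "sctp"), map(int, m.groups())))


def default_state(nmap_output):
    """(state, count) when nmap collapsed every port into one state, else None."""
    m = DEFAULT_RE.search(nmap_output)
    return (m.group(2), int(m.group(1))) if m else None


def uncovered(nmap_output, findings):
    """Scanner findings (port, proto) whose protocol this nmap run never probed.

    Such findings can be neither confirmed nor refuted by the nmap output.
    """
    cov = scan_coverage(nmap_output)
    return [(port, proto) for port, proto in findings if cov[proto.lower()] == 0]


if __name__ == "__main__":
    # Hypothetical findings list: NetBT Name Service is UDP/137; 445/tcp is a contrast.
    findings = [(137, "udp"), (445, "tcp")]
    print("probed:", scan_coverage(SAMPLE))
    print("collapsed state:", default_state(SAMPLE))
    print("not covered by this scan:", uncovered(SAMPLE, findings))
```

In Nmap's terms "filtered" means no reply was received, not that the port is closed, and a UDP service needs its own scan (`nmap -sU -p 137`) run from the same source address as the vulnerability scanner.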
