Hi,

I am running a network vuln. scan using OpenVAS 6 (with Greenbone Feed). It repeatedly reports that our Windows 2k8 servers are prone to:

Azeotech DAQFactory NETB Datagram Parsing Stack Buffer Overflow Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.802037)

First of all, there is an inconsistency in the NVT. In the upper right corner it says: "netbus-pro (20034/tcp)", but the actual vulnerability is about 20034/udp.

I've run several tests but I wasn't able to figure out why OpenVAS would report this vuln. on the corresponding machines.

From remote (the OpenVAS server):

  % echo | ncat -u 10.XX.XX.XX 20034
  Ncat: Connection refused.

On the local machine:

  C:\>echo | nc -vv -u localhost 20034
  XXXXXXXXXXXXX [127.0.0.1] 20034 (?) open
  sent 13, rcvd 0: NOTSOCK

  C:\>netstat -an -p udp | find "20034"
  <empty response>

  C:\>netstat -an -p udp

  Active Connections

    Proto  Local Address          Foreign Address        State
    UDP    0.0.0.0:1XXXX          *:*
    UDP    0.0.0.0:5XXXX          *:*
    UDP    0.0.0.0:5XXXX          *:*
    UDP    10.XX.XX.XX:1XXXX      *:*
    UDP    10.XX.XX.XX:1XXXX      *:*
    UDP    127.0.0.1:4XXXX        *:*
    UDP    127.0.0.1:4XXXX        *:*

I cannot find any evidence how OpenVAS should be able to find this port open. We are not running any Azeotech product at all and every program I checked with confirmed that Port 20034/UDP is not open.

Any idea what's going on here?

Thanks
Winfried
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
