On Monday, 5 October 2009, Tim Brown wrote:
> > >e,0x54, +                 
> > > 0x20,0x4c,0x4d,0x20,0x30,0x2e,0x31,0x32,0x00,0x02,0x53,0x4d,0x42,0x20,0x3
> > >2,0x2e, +                  0x30,0x30,0x32,0x00); # Tested against 2008
> > > Server. A vulnerable Server doing a reboot. I'm not happy with that, but
> > > a the moment i have no idea how to detect this vulnerability without
> > > exploiting it. +
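Review bot: the trailing comment on the dialect byte array says a vulnerable server reboots when this request is sent, so make sure that side effect is also stated in the script's description, where anyone selecting the test sees it before running it. The comment itself needs tidying ("a the moment i have" should read "at the moment I have"), and a short comment naming the dialect strings these bytes encode (the visible tail is ASCII for "LM 0.12" and "SMB 2.002") would make the raw hex reviewable.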
> >
> > I suspect this script should be classified as ACT_DENIAL
> > rather than ACT_GATHER_INFO, given that it causes the
> > vulnerable server to reboot.
> 
> I agree.  For the record, the /safe/ version of the check would be just to 
> check for SMBv2 support and flag it as a possible issue.  It's not perfect 
> but AFAIK it is all that can be done at the moment.  You might also be able 
> to fix up the packet so that it uses values that are unlikely to trigger the 
> crash but I haven't investigated that in any detail.

Wouldn't it make sense to have two tests, one that does the guessing as Tim describes
and one that really does the "unsafe" check?

Best

        Jan

-- 
Dr. Jan-Oliver Wagner |  ++49-541-335084-0  |  http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Managing Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Openvas-plugins mailing list
[email protected]
http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins
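
The safe variant Tim describes, as an added example that is not part of the original thread or of the OpenVAS plugin: it sends a well-formed SMB1 negotiate request offering the same two dialects and only classifies the reply, reporting SMBv2 support as a possible issue. The function names, header flag values and sample replies are assumptions constructed for illustration.

```python
import socket
import struct

# "SMB 2.002" and the tail of "NT LM 0.12" are visible in the quoted byte array;
# the full first dialect name is assumed from that truncated tail.
DIALECTS = [b"NT LM 0.12", b"SMB 2.002"]

# Constructed sample replies: 4-byte session header plus the protocol id only.
SAMPLE_SMB2_REPLY = b"\x00\x00\x00\x04\xfeSMB"
SAMPLE_SMB1_REPLY = b"\x00\x00\x00\x04\xffSMB"

def build_negotiate() -> bytes:
    """Well-formed SMB1 NEGOTIATE request; status, IDs and signature are all zero."""
    header = struct.pack(
        "<4sBIBHH8sHHHHH",
        b"\xffSMB", 0x72,        # protocol id, SMB_COM_NEGOTIATE
        0, 0x18, 0xC801,         # status, flags, flags2 (assumed common values)
        0, b"\x00" * 8, 0,       # PID high, signature, reserved
        0, 0, 0, 0)              # TID, PID low, UID, MID
    body = b"".join(b"\x02" + d + b"\x00" for d in DIALECTS)
    smb = header + b"\x00" + struct.pack("<H", len(body)) + body  # word count 0
    return struct.pack(">I", len(smb)) + smb                      # session header

def classify(reply: bytes) -> str:
    """A server that selects SMBv2 answers with an 0xFE 'SMB' header."""
    magic = reply[4:8]
    if magic == b"\xfeSMB":
        return "smb2"
    if magic == b"\xffSMB":
        return "smb1"
    return "unknown"

def finding(reply: bytes) -> str:
    """Safe check: SMBv2 support is reported as possible, never confirmed."""
    return {
        "smb2": "possible issue: SMBv2 is enabled, confirm patch level separately",
        "smb1": "no finding: server did not select SMBv2",
    }.get(classify(reply), "inconclusive: unexpected reply")

def probe(host: str, port: int = 445, timeout: float = 5.0) -> str:
    """Send the request once and classify the first 8 bytes of the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_negotiate())
        reply = b""
        while len(reply) < 8:
            chunk = s.recv(8 - len(reply))
            if not chunk:
                break
            reply += chunk
    return finding(reply)
```

`probe()` is the only function that touches the network; the unsafe test Jan proposes would stay a separate script in the denial-of-service category.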