*** Tim Brown <[email protected]> wrote:
> On Monday 05 October 2009 20:59:07 Thomas Reinke wrote:
> > >    trunk/openvas-plugins/scripts/ms_smb2_highid.nasl
> > >
> > > + script_category(ACT_GATHER_INFO);
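
Review bot: script_category(ACT_GATHER_INFO) on the added line in ms_smb2_highid.nasl classifies the check as information gathering, which conflicts with the behaviour reported in this thread (the vulnerable server reboots). Change it to a disruptive category, ACT_DENIAL or ACT_KILL_HOST as proposed in the replies, so the declared category matches what the script does to the target.
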
> >
> > I suspect this script should be classified as ACT_DENIAL
> > rather than ACT_GATHER_INFO, given that it causes the
> > vulnerable server to reboot.

Yes, you are right. Maybe "ACT_KILL_HOST" is the best script_category?

> I agree.  For the record, the /safe/ version of the check would be just to 
> check for SMBv2 support and flag it as a possible issue.  It's not perfect 
> but AFAIK it is all that can be done at the moment.

This will result in some false positives as well on patched systems.
And keep in mind that we can't recall such a plugin once it was synced
by a user.

> You might also be able to fix up the packet so that it uses values
> that are unlikely to trigger the crash but I haven't investigated
> that in any detail.

I found no way. But I'm not very familiar with SMB.

There was also a discussion on the nmap mailing list about that. They also found
no non-destructive solution to detect this flaw.

Micha

-- 
Michael Meyer                                         OpenPGP Key: 76E050B9
http://www.intevation.de
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998
Geschäftsführer:   Frank Koormann,  Bernhard Reiter,  Dr. Jan-Oliver Wagner
_______________________________________________
Openvas-plugins mailing list
[email protected]
http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins