Hello Everyone,

Ok... Seems my last question was answered in that the plugin behaviour was
tested / confirmed by the fine folks @ Secpod themselves...

Now I am just trying to understand any possible nuances or mitigating
factors that might result in some inconsistent scanning...

Another example... secpod_MS10-042

Took a look at the nasl code...

# Windows 2003
else if(hotfix_check_sp(win2003:3) > 0)
{
  SP = get_kb_item("SMB/Win2003/ServicePack");
  if("Service Pack 2" >< SP)
  {
    # Grep for helpsvc.exe version < 5.2.3790.4726
    if(version_is_less(version:sysVer, test_version:"5.2.3790.4726")){
      security_hole(0);
    }
    exit(0);
  }
  security_hole(0);
}

So two servers, identical vSphere clones running Svr 2003 with all patches
up-to-date, confirmed via WSUS and Windows Update, MBSA 2.2...  The
difference from the identical base installs is that one is just a pure File
Server with no other services, the other runs WSUS 3.0 SP2.

I checked the file systems on both, confirmed the DLL versioning (both are
5.2.3790.4726), registry keys, registry values, did hex comparisons of all
key values where applicable.. Same services setups, etc.  One server
passes, the other fails???

What else could potentially be tripping this sort of behavior???? I have
around 12 NASL inconsistencies that I haven't been able to sort out
regardless of what I have looked at or investigated???

Anyone have any tips for what else I might not be thinking to dig deeper
into???

Any chance this might be left over somewhere because of saved scan KBs or a
remnant of some other process, scan file orphan or just a bit of
randomness???

Overall it would just be nice to dig for myself and not have to hit the
list as a default go to solution...  Plus I can't guarantee which scan
results to trust.. The passes, the failures, or a combination therein...  I
suppose it's good news all the scans on the same machines are always
consistent, so I don't have to exorcise those ghosts at least..



Any help, guidance, or advice infinitely appreciated....


Matthew C
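
Added example, not part of the original message and not the plugin's own code: a Python model of the quoted Windows 2003 branch, tracing which inputs reach security_hole(0). The function and variable names are hypothetical, the sample inputs are constructed, and it assumes the branch is entered (hotfix_check_sp(win2003:3) > 0).

```python
# Added illustration: a Python model of the Windows 2003 branch quoted above.
# It is not NASL and not the plugin's code; names here are hypothetical.

FIXED_VERSION = "5.2.3790.4726"  # threshold taken from the quoted excerpt


def parse_version(text):
    """Turn '5.2.3790.4726' into (5, 2, 3790, 4726) for numeric comparison."""
    return tuple(int(part) for part in text.strip().split("."))


def trace_win2003_branch(sp_kb, sys_ver):
    """Return (flagged, reason) for the inputs the quoted branch reads.

    sp_kb   -- value of the SMB/Win2003/ServicePack KB item, or None if unset
    sys_ver -- file version the plugin obtained (sysVer), or None if unread
    flagged is True, False, or None when the excerpt does not decide it.
    """
    if sp_kb is None or "Service Pack 2" not in sp_kb:
        # Falls through to the unconditional security_hole(0) at the end.
        return True, "ServicePack KB item lacks 'Service Pack 2'; version never compared"
    if not sys_ver:
        # How version_is_less treats an empty value is not shown in the excerpt.
        return None, "no file version obtained; result depends on version_is_less"
    if parse_version(sys_ver) < parse_version(FIXED_VERSION):
        return True, "file version %s is below %s" % (sys_ver, FIXED_VERSION)
    return False, "file version %s meets %s" % (sys_ver, FIXED_VERSION)


# Constructed sample inputs, not taken from any real scan.
SAMPLES = [
    ("Service Pack 2", "5.2.3790.4726"),
    ("Service Pack 2", "5.2.3790.3959"),
    ("Service Pack 1", "5.2.3790.4726"),
    (None, "5.2.3790.4726"),
    ("Service Pack 2", None),
]

if __name__ == "__main__":
    for sp, ver in SAMPLES:
        print(repr(sp), repr(ver), "->", trace_win2003_branch(sp, ver))
```

In this model a host whose file on disk is at 5.2.3790.4726 is still flagged whenever the ServicePack KB item does not contain "Service Pack 2", so the stored KB values for each host are worth comparing alongside the file versions.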

