Re: [Openvas-plugins] secpod_ms_windows_sp_mult_vuln.nasl False Positive with Win8/Win2012 Server

Tue, 18 Nov 2014 04:46:24 -0800 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Sebastien Aucouturier,

Thanks for reporting.

Fixed the issue.


Thanks!
Veerendra GG

On 07/22/2014 12:10 PM, Sebastien Aucouturier wrote:
> Hi team,
> 
> i got false positive using plugin secpod_ms_windows_sp_mult_vuln, on
> Win2012 Server.
> 
> On Win2012 Server :
> Register 'SMB/Windows/ServicePack' value is '0'
> because there is no Service pack available for Windows Server 2012
> (6.2), Windows Server 2012 R2 (6.3), Windows 8 (6.2),Windows 8.1(6.3).
> This is not a lack of security, MS prefer using "Update Rollup" now.
> 
> Here is my suggested modification :
> 
> --- secpod_ms_windows_sp_mult_vuln.nasl.old    2014-07-22
> 08:25:04.832955947 +0200
> +++ secpod_ms_windows_sp_mult_vuln.nasl    2014-07-22 08:25:41.657250718
> +0200
> @@ -103,11 +103,18 @@
>  }
> 
>  ## Check if service pack is installed or not
> -No_SP  =  get_kb_item("SMB/Windows/ServicePack");
> +## and Windows version < 6.2 : Instead of ServicePacks, MS are releasing
> +## an "Update Rollup" on a regular basis since Windows 2012 server (6.2)
> +
> +No_SP = get_kb_item("SMB/Windows/ServicePack");
> +Winver = get_kb_item("SMB/WindowsVersion");
>  if(No_SP == "0")
>  {
> -  security_hole(0);
> -  exit(0);
> +    if (version_is_less(version:Winver, test_version:"6.2"))
> +    {
> +        security_hole(0);
> +        exit(0);
> +    }
>  }
> 
> 
> -- 
>  Sébastien AUCOUTURIER | Research and Development Manager
>  Phone. +33(0)5.67.34.67.84| www.itrust.fr
>  IT Security Experts (Services & Solutions) | Keep Information Security
> Simple
> 
>  This e-mail is confidential (and any attachments) is intended to its
> recipient(s).
> 
> _______________________________________________
> Openvas-plugins mailing list
> [email protected]
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEcBAEBAgAGBQJUa0GBAAoJEFdbOg70fJiaBp8H/Rboa5ZtwIdk1lg/NM8oZi0y
NurUQoV31tTfZy28KNod6gY+0Dl3A8Xd34Fy7uVi+4PLMfZppRXBhu1uszdJYxXJ
ZRml1eYwOzX1Wwrn0XoZAu8YUQT+WxcWsV9en8EAtttc1CQ7gi7CsIjvXysmvLVD
JfoqwAVYrrD8H3CRNenZcKJvMnNUvpvHGp2mNiiiOX/xBUKPQvT1Tk4H0RGQsBsh
/LLYdpZvGSCdnJCybS3MJxHDQfdweoycDo2VqITA4fQvNwzO91WC+O6BKEQ2rOaz
QqP4pbyO0GGelaePl7bS6amaRp5KUBBnRT3OfnxKp0sNNhrN5reegqcIhyu9lw8=
=PFmS
-----END PGP SIGNATURE-----
_______________________________________________
Openvas-plugins mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins

Reply via email to