Re: Sambar sendmail false positives

From: Michael Scheidell (scheidell@secnap.net)
Date: Fri Jan 04 2002 - 12:33:28 PST

Next message: Michel Arboi: "Security not my problem!"

Previous message: Thomas Reinke: "Re: Sambar sendmail false positives"
In reply to: Thomas Reinke: "Re: Sambar sendmail false positives"
Next in thread: Thomas Reinke: "Re: Sambar sendmail false positives"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

For those follwing 1.1x, these patches applied against 1.1x CVS will bring
it up also:
(Renaud has to change script version of 1.11)

--- src/nessus-plugins/scripts/sambar_sendmail.nasl     Mon Dec 17 12:03:14
2001
+++ lib/nessus/plugins/sambar_sendmail.nasl     Fri Jan  4 15:30:24 2002
@@ -54,10 +54,11 @@
  if(soc)
  {
   send(socket:soc, data:data);
-  buf = recv_line(socket:soc, length:4096);
+  buf = recv(socket:soc, length:4096);
   close(soc);
   buf = tolower(buf);
   if(" 400 invalid header received " >< buf)exit(0);
+  if("you're speaking plain http to an ssl-enabled server port" ><
buf)exit(0);
   if(" 400 " >< buf)security_warning(port);
  }
 }

Next message: Michel Arboi: "Security not my problem!"
Previous message: Thomas Reinke: "Re: Sambar sendmail false positives"
In reply to: Thomas Reinke: "Re: Sambar sendmail false positives"
Next in thread: Thomas Reinke: "Re: Sambar sendmail false positives"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jan 04 2002 - 12:35:41 PST