Hi, As far as I can tell, Nessus does not have plugins for the following recent vulnerabilities (apologies for limited references): 1) phpMyAdmin XSS 2) Outlook Web Access XSS 3) Samba vulnerabilities CAN-2003-0196 / CAN-2003-0201 4) possible open relay with qmail-smtpd-auth. 5) CGI.pm XSS 6) Solaris IPv6 DoS 7) IIS 6.0 web admin XSS 8) Linux kernel dos in XDR routine 9) Microsoft ISA server XSS I have some time this week to spend implementing these. Basically the XSS ones /should/ be relatively straightforward. The samba test will be hard - has anyone attempted this? The qmail one I plan to extend the open relay test to try doing an AUTH with duff info, and then retry the test. This should catch this flaw in a generic way. Dunno what the deal is with IP6 - is it possible to do such tests over the internet? In our case I think I can sidestep (8) by just detecting NFS and reporting that as a vulnerability. Any feedback much appreciated, Paul -- Paul Johnston Internet Security Specialist Westpoint Limited Albion Wharf, 19 Albion Street, Manchester, M1 5LN England Tel: +44 (0)161 237 1028 Fax: +44 (0)161 237 1031 email: paulat_private web: www.westpoint.ltd.uk
This archive was generated by hypermail 2b30 : Wed Jul 30 2003 - 03:41:54 PDT