Plugin 10369 - dvwssr.dll backdoor

From: Paul Johnston (paul@westpoint.ltd.uk)
Date: Tue Aug 12 2003 - 04:07:10 PDT

Next message: sullo@cirt.net: "tripwire_webpage.nasl update"

Previous message: Haroon Meer: "Remote IIS patch level detection."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

This plugin has been causing loads of apparently false positives for me, 
ever since we've been running non-optimised scans.

It seems to be relying on some IIS specific behaviour to scan for the 
dll even if you can't run it. I think when used against other webservers 
this causes false positives.

I am going to add an explicit check to the plugin, like:

if(!get_kb_item("www/iis")) exit(0);

Is this sensible?

Paul

-- 
Paul Johnston
Internet Security Specialist
Westpoint Limited
Albion Wharf, 19 Albion Street,
Manchester, M1 5LN
England
Tel: +44 (0)161 237 1028
Fax: +44 (0)161 237 1031
email: paul@westpoint.ltd.uk
web: www.westpoint.ltd.uk

Next message: sullo@cirt.net: "tripwire_webpage.nasl update"
Previous message: Haroon Meer: "Remote IIS patch level detection."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Aug 12 2003 - 04:08:23 PDT