On Fri, 12 Dec 2003, Erik Parker wrote:

> Morning,
>
> Typically I'd toss this to HD to debug here at the office, but he felt it was
> OK to fly off to Malaysia for a few weeks.. So I'll ask here. :)
>
> Using the stock Tenable NASL script for CAN-2003-0543, CAN-2003-0544,
> CAN-2003-0545..
>
> We're seeing it trigger on F5 BigIPs that F5 claim are fixed. They backport
> all of their patches, and it's difficult to prove that these are actually
> exploitable. I'm curious if anyone else has seen these possible false
> positives.. or if F5 just hasn't patched properly.
>
> The plugin really doesn't look like it could possibly false+.. but I figured
> I'd ask before I start getting into it with F5.
>
> ---
> Erik Parker
> ---

Hey Erik,

the plugin checks to see if the server will "complain" when sent a cert that was unrequested. It is possible that F5 patched the "overflow" without fixing the erroneous behavior which enabled the overflow... The plugin doesn't go so far as to try to overflow the machine, it only checks to see if the server accepts unrequested certs.

John

_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers