Hi,

I've been thinking about this, I'd appreciate any input.

I see there's already a registry test, but what about a non-destructive remote test? This may well be possible, using an invalid ASN sequence that wouldn't crash an unpatched box, but would return an error on a patched one. I've not confirmed this, although I notice E-Eye claim to have a test in Retina. Does anyone have details on what that does? Has anyone looked more closely at whether such a test really is possible?

There are many vectors to attack this vulnerability - some remote (e.g. Kerberos, NTLM, SSL) and some local. Now, a remote test would only be able to find the remote attack vectors. If I were to test for this, using SSL as the attack vector would be most useful for my customer base (file sharing ports are always firewalled, Kerberos is rare). However, it would only work against servers with SSL and all the other unpatched servers still have some degree of risk, so it may be of limited usefulness.

Thoughts anyone?

Paul

--
Paul Johnston
Internet Security Specialist
Westpoint Limited
Albion Wharf, 19 Albion Street,
Manchester, M1 5LN
England
Tel: +44 (0)161 237 1028
Fax: +44 (0)161 237 1031
email: paul@private
web: www.westpoint.ltd.uk
_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers
This archive was generated by hypermail 2b30 : Wed Feb 11 2004 - 04:13:11 PST