I have an NT4.0 system which is vulnerable to the MS04-007 ASN.1 issue according to Windows Update and when I verify the version of msasn1.dll. If I scan it like this:

    nasl -s -t hostname windows_asn1_vuln_ntlm.nasl

It is shown as not vulnerable (no "Success" message). Is there something I can provide to help fix the plugin to detect this system (and other NT systems)?

I checked to make sure that either port 139 or 445 is open:

    # nmap -A -sSU -p139,445 hostname

    Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-03-09 13:29 CST
    Interesting ports on hostname (10.0.0.1):
    PORT    STATE  SERVICE      VERSION
    139/tcp open   netbios-ssn
    139/udp closed netbios-ssn
    445/tcp closed microsoft-ds
    445/udp closed microsoft-ds
    Device type: general purpose
    Running: Microsoft Windows NT/2K/XP
    OS details: Microsoft Windows NT 4.0 SP5-SP6

    Nmap run completed -- 1 IP address (1 host up) scanned in 7.423 seconds

My admins who have been patching NT systems say that none of the NT systems are showing up in the scans. Although I know that NT is not vulnerable by default, most of these systems have the security fixes in place that installed msasn1.dll so they are vulnerable.

Attached is a sanitized pcap of the nasl run above.

Thanks,
Owen
This archive was generated by hypermail 2b30 : Tue Mar 09 2004 - 11:49:25 PST