Re: [Plugins-writers] windows_asn1_vuln_ntlm.nasl false negative on NT4.0

From: Renaud Deraison (deraison@private)
Date: Tue Mar 09 2004 - 16:36:34 PST

  • Next message: dave@private: "[Plugins-writers] converting hex to ascii"

    On Tue, Mar 09, 2004 at 01:48:14PM -0600, Crow, Owen wrote:
    > I have an NT4.0 system which is vulnerable to the MS04-007 ASN.1 issue
    > according to Windows Update and when I verify the version of msasn1.dll.  If
    > I scan it like this:
    > 
    >  
    > 
    > nasl -s -t hostname windows_asn1_vuln_ntlm.nasl
    > 
    >  
    > 
    > It is shown as not vulnerable (no "Success" message).  
    > 
    >  
    > 
    > Is there something I can provide to help fix the plugin to detect this
    > system (and other NT systems)?  I checked to make sure that either port 139
    > or 445 is open:
    
    This particular host only has port 139 open, so you can't run the
    plugin in standalone mode as it requires the SMB hostname (you have to
    exchange hostnames when talking on top of port 139). Run the script from
    within nessusd, with dependencies enabled, and the script should work.
    
    
    				-- Renaud
    _______________________________________________
    Plugins-writers mailing list
    Plugins-writers@private
    http://mail.nessus.org/mailman/listinfo/plugins-writers
    



    This archive was generated by hypermail 2b30 : Tue Mar 09 2004 - 19:02:01 PST