RE: [Plugins-writers] windows_asn1_vuln_ntlm.nasl false negative on NT4.0

From: Crow, Owen (Owen_Crow@private)
Date: Wed Mar 10 2004 - 08:04:00 PST


    OK, I tried again using NessusWX.  I enabled the three remote tests (SMB,
    SMTP and HTTP) and dependencies, but it still shows as not vulnerable.
    
    Attached is the nessusrc for this scan.
    
    Let me know if I need to try anything else.
    
    Thanks,
    Owen
    
    -----Original Message-----
    From: Renaud Deraison [mailto:deraison@private] 
    Sent: Tuesday, March 09, 2004 6:37 PM
    To: plugins-writers@private
    Subject: Re: [Plugins-writers] windows_asn1_vuln_ntlm.nasl false negative on
    NT4.0
    
    On Tue, Mar 09, 2004 at 01:48:14PM -0600, Crow, Owen wrote:
    > I have an NT4.0 system which is vulnerable to the MS04-007 ASN.1 issue
    > according to Windows Update and when I verify the version of msasn1.dll.  If
    > I scan it like this:
    >
    > nasl -s -t hostname windows_asn1_vuln_ntlm.nasl
    >
    > It is shown as not vulnerable (no "Success" message).
    >
    > Is there something I can provide to help fix the plugin to detect this
    > system (and other NT systems)?  I checked to make sure that either port 139
    > or 445 is open:
    
    This particular host only has port 139 open, so you can't run the
    plugin in standalone mode as it requires the SMB hostname (you have to
    exchange hostnames when talking on top of port 139). Run the script from
    within nessusd, with dependencies enabled, and the script should work.
    
    
    				-- Renaud
    _______________________________________________
    Plugins-writers mailing list
    Plugins-writers@private
    http://mail.nessus.org/mailman/listinfo/plugins-writers
    
    
    
    

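The reply quoted above says a check over port 139 needs the SMB hostname because hostnames are exchanged first. As an added illustration (not code from this thread or from Nessus), the Python below builds the NetBIOS session request of RFC 1001/1002 that carries the called name and interprets the server's answer. The host names and response bytes used with it are constructed, and the suffix bytes 0x20 and 0x00 are the conventional server and workstation values, assumed here.

```python
import struct

SESSION_REQUEST, POSITIVE_RESPONSE, NEGATIVE_RESPONSE = 0x81, 0x82, 0x83
ERRORS = {  # RFC 1002 negative session response codes
    0x80: "not listening on called name",
    0x81: "not listening for calling name",
    0x82: "called name not present",
    0x83: "insufficient resources",
    0x8F: "unspecified error",
}

def encode_name(name, suffix):
    """First-level encoding: 15 padded chars + suffix byte -> 32 letters A..P."""
    raw = name.upper().encode("ascii")
    if len(raw) > 15:
        raise ValueError("NetBIOS names are at most 15 characters")
    raw = raw.ljust(15, b" ") + bytes([suffix])
    out = bytearray([32])                      # length of the encoded label
    for b in raw:                              # one letter per nibble
        out += bytes([0x41 + (b >> 4), 0x41 + (b & 0x0F)])
    return bytes(out) + b"\x00"                # empty scope ends the name

def decode_name(encoded):
    """Inverse of encode_name; returns (name, suffix)."""
    if len(encoded) != 34 or encoded[0] != 32 or encoded[-1] != 0:
        raise ValueError("not a first-level encoded name")
    body = encoded[1:33]
    raw = bytes(((body[i] - 0x41) << 4) | (body[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].decode("ascii").rstrip(" "), raw[15]

def session_request(called, calling):
    """Packet sent on port 139 before any SMB traffic (assumed suffixes)."""
    payload = encode_name(called, 0x20) + encode_name(calling, 0x00)
    return struct.pack(">BBH", SESSION_REQUEST, 0, len(payload)) + payload

def parse_response(data):
    """Return (established, reason) for the server's session response."""
    if len(data) < 4:
        raise ValueError("truncated session header")
    ptype, _flags, length = struct.unpack(">BBH", data[:4])
    if ptype == POSITIVE_RESPONSE:
        return True, "session established"
    if ptype == NEGATIVE_RESPONSE and length == 1 and len(data) >= 5:
        return False, ERRORS.get(data[4], "unknown error 0x%02x" % data[4])
    raise ValueError("unexpected packet type 0x%02x" % ptype)
```

A negative response such as "called name not present" ends the exchange before any SMB-level test can run, which is why a scanner without the right name reports nothing on a host that only listens on 139.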



    This archive was generated by hypermail 2b30 : Wed Mar 10 2004 - 08:06:02 PST