OK, I tried again using NessusWX. I enabled the three remote tests (SMB, SMTP and HTTP) and dependencies, but it still shows as not vulnerable. Attached is the nessusrc for this scan. Let me know if I need to try anything else. Thanks, Owen -----Original Message----- From: Renaud Deraison [mailto:deraison@private] Sent: Tuesday, March 09, 2004 6:37 PM To: plugins-writers@private Subject: Re: [Plugins-writers] windows_asn1_vuln_ntlm.nasl false negative on NT4.0 On Tue, Mar 09, 2004 at 01:48:14PM -0600, Crow, Owen wrote: > I have an NT4.0 system which is vulnerable to the MS04-007 ASN.1 issue > according to Windows Update and when I verify the version of msasn1.dll. If > I scan it like this: > > > > nasl -s -t hostname windows_asn1_vuln_ntlm.nasl > > > > It is shown as not vulnerable (no "Success" message). > > > > Is there something I can provide to help fix the plugin to detect this > system (and other NT systems)? I checked to make sure that either port 139 > or 445 is open: This particular host only has port 139 open, so you can't run the plugin in standalone mode as it requires the SMB hostname (you have to exchange hostnames when talking on top of port 139). Run the script from within nessusd, with dependencies enabled, and the script should work. -- Renaud _______________________________________________ Plugins-writers mailing list Plugins-writers@private http://mail.nessus.org/mailman/listinfo/plugins-writers
This archive was generated by hypermail 2b30 : Wed Mar 10 2004 - 08:06:02 PST