Hi guys.. We recently started picking up false positives with the ssltest.nasl (OpenSSL overflow via invalid certificate passing) (script_id(11875)) against IIS servers. The nasl _does_ do a check for IIS, Netware etc prior to testing by sending a client_hello(mymlen:0, mymtype:0, myversion:15) and checking for a response. A response (according to the script) indicates an IIS/Netware/Non-OpenSSL implementation and the test exits there.. This used to work ferpectly : (ssltest.nasl renamed ssltest2 with more displays()'s) -snip- [root@intercrastic plugins]# nasl -t IIS_Server.local ssltest2.nasl Made the connect! Sent the client_hello(mymlen:0, mymtype:0, myversion:15) got stuff back Exiting -snip- An OpenSSL server used to return : -snip- [root@intercrastic plugins]# nasl -t OpenSSL.local ssltest2.nasl Made the connect! Sent the client_hello(mymlen:0, mymtype:0, myversion:15) Got nothing back, moving on with the test ... -snip- It appears though that at some point ssl_funcs.inc changed and currently setting myversion:15 returns nothing from both IIS and OpenSSL -snip- [root@intercrastic plugins]# nasl -t IIS_SERVER.local ssltest2.nasl Made the connect! Sent the client_hello(mymlen:0, mymtype:0, myversion:15) Got nothing back, moving on with the test [3547](ssltest2.nasl) No such arg 'port' for function 'client_hello' - ignored Success -snip- (the port error can be fixed by adding port as an argument to client_hello in ssl_funcs.inc) Anyone else seen this ? /MH ====================================================================== Haroon Meer MH SensePost Information Security +27 83786 6637 PGP : http://www.sensepost.com/pgp/haroon.txt haroon@private ====================================================================== _______________________________________________ Plugins-writers mailing list Plugins-writers@private http://mail.nessus.org/mailman/listinfo/plugins-writers
This archive was generated by hypermail 2.1.3 : Tue Dec 21 2004 - 17:32:35 PST