Hi, Just changed this plugin so it reports as "general/tcp" not "8888/tcp" which seems more appropriate. BTW, I notice the plugin agreement prohibits modifying plugins. I don't expect it was intended to prevent work such as this, so I've carried on "business as usual". Hope this is ok. Regards, Paul -- Paul Johnston, GSEC Internet Security Specialist Westpoint Limited Albion Wharf, 19 Albion Street, Manchester, M1 5LN England Tel: +44 (0)161 237 1028 Fax: +44 (0)161 237 1031 email: paul@private web: www.westpoint.ltd.uk # # This script was written by Renaud Deraison <deraison@private> # # Script audit and contributions from Carmichael Security <http://www.carmichaelsecurity.com> # Erik Anderson <eanders@private> # Added BugtraqID # # See the Nessus Scripts License for details # if(description) { script_id(11052); script_bugtraq_id(5279); script_version("$Revision: 1.8 $"); name["english"] = "BenHur Firewall active FTP firewall leak"; script_name(english:name["english"]); desc["english"] = " It is possible to connect on firewall-protected ports on the remote host by setting one's source port to 20. An attacker may use this flaw to access services that should not be accessible to outsiders on this host. Solution: Reconfigure your firewall to *not* accept anything coming from port 20. 
Risk factor : High"; script_description(english:desc["english"]); summary["english"] = "Connects to a few services with sport = 20"; script_summary(english:summary["english"]); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2002 by Renaud Deraison"); family["english"] = "Firewalls"; script_family(english:family["english"]); exit(0); } if(islocalhost())exit(0); soc = open_priv_sock_tcp(sport:20, dport:8888); if(soc){ close(soc); soc = open_sock_tcp(8888); if(soc){ close(soc); exit(0); } security_hole(0); } *** plugins/benhur_ftp_firewall.nasl Tue Jan 4 14:22:55 2005 --- benhur_ftp_firewall.nasl Wed Jan 12 14:25:33 2005 *************** *** 57,63 **** close(soc); soc = open_sock_tcp(8888); if(soc){ close(soc); exit(0); } ! security_hole(8888); } --- 57,63 ---- close(soc); soc = open_sock_tcp(8888); if(soc){ close(soc); exit(0); } ! security_hole(0); } _______________________________________________ Plugins-writers mailing list Plugins-writers@private http://mail.nessus.org/mailman/listinfo/plugins-writers
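Review bot: With `security_hole(0)` the finding is filed under general/tcp, so the report no longer shows that 8888 was the port reached with source port 20, and the description text only speaks of "firewall-protected ports" in general. A comment above the call would record the intent, `# reported on general/tcp: the flaw is the firewall's handling of source port 20, 8888 is only the probe port`, and the description could name the probed port so that whoever reviews the firewall rules knows which service was exposed. The positive result also still rests on a single failed `open_sock_tcp(8888)` in the unchanged lines of the hunk, so one dropped connection attempt may now yield a host-wide High finding; a second attempt before calling `security_hole` would make the report more trustworthy.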