I ran a Nessus scan on one of our Windows 2000 Servers. Next I ran the Microsoft Baseline Security Analyzer against the same server and compared the results. They appear to be pretty close, but I have come across one anomaly I'd like to resolve.

The MBSA flagged MS04-003 based on the file version of odbcbcp.dll. I verified the actual version number of the installed odbcbcp.dll as 2000.85.1022.0. It should be at least version 2005.85.1025.0.

Nessus Plugin ID 11990 doesn't appear to check any file versions (not sure if Nessus has this capability) and did not flag this vulnerability. I checked the registry on the affected machine and it should have failed this part of the check:

    if ( hotfix_missing(name:"KB832483") > 0 &&
         hotfix_missing(name:"Q832483") > 0 )
      security_warning(get_kb_item("SMB/transport"));

I'm not sure why it didn't fail that check, but I ran the Microsoft MDAC version checking tool (CC.exe) and it said this machine has version MDAC 2.8 RTM, so I wonder if it passed this part of the check:

    if(ereg(pattern:"2\.6[3-9].*", string:version))exit(0); # SP3 applied

and therefore never checked for the missing hotfixes?

Thanks,
Scott

_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers
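An added example, not part of the original post and not the Nessus plugin's code: a Python model of the two plugin lines quoted above, placed next to a dotted file-version comparison of the kind MBSA applied to odbcbcp.dll, so both checks can be run against the same host facts. The order of the two plugin checks, the MDAC version strings and all function names are assumptions; the file versions are the ones given in the post.

```python
import re

# Pattern from the quoted plugin line. NASL ereg() is an unanchored search,
# so re.search() is the closest Python equivalent.
SP3_PATTERN = re.compile(r"2\.6[3-9].*")
# Names taken from the quoted hotfix_missing() calls.
HOTFIX_NAMES = ("KB832483", "Q832483")


def parse_version(text):
    """Turn a dotted version such as '2000.85.1022.0' into a tuple of ints."""
    return tuple(int(part) for part in text.strip().split("."))


def file_version_is_old(installed, minimum):
    """File-version test: True when the installed file is older than minimum."""
    a, b = parse_version(installed), parse_version(minimum)
    width = max(len(a), len(b))
    # Pad the shorter version with zeros so '1.2' compares equal to '1.2.0'.
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def registry_check(mdac_version, installed_hotfixes):
    """Model of the two quoted lines, assuming the version exit runs first.

    Returns 'exit' when the version pattern matches (hotfixes never examined),
    'warn' when both hotfix names are missing, and 'ok' otherwise.
    """
    if SP3_PATTERN.search(mdac_version):
        return "exit"
    if all(name not in installed_hotfixes for name in HOTFIX_NAMES):
        return "warn"
    return "ok"


if __name__ == "__main__":
    # Constructed host facts: an MDAC 2.8-style version string, no hotfix keys,
    # and the odbcbcp.dll versions stated in the post.
    host = {"mdac": "2.80.1022.0", "hotfixes": set(),
            "dll": "2000.85.1022.0", "dll_min": "2005.85.1025.0"}
    print("registry-based check:", registry_check(host["mdac"], host["hotfixes"]))
    print("file version too old:", file_version_is_old(host["dll"], host["dll_min"]))
```

Running the model with the version string the plugin actually reads on the host, rather than the constructed one here, shows whether the early exit is taken before the hotfix names are examined.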
This archive was generated by hypermail 2.1.3 : Thu Jan 27 2005 - 10:48:45 PST