--- Michel Arboi <mikhail@private> wrote: > On Thu, 2005-02-17 at 14:40 -0800, Jon Passki wrote: > > I would like to remove the second, third, and forth conditional > > statements above in Plugin 11033 (Misc information on News > server) > > since they are redundant and report information that isn't a > > vulnerability. > > > I think it can be assumed that if the test occurs > > but there are no results, then there is no vulnerability. > > security_note only displays information, not holes. > And the first message is not really a flaw either. All NNTP > servers at > ISP allow unauthenticated connection... from their subscribers. But security_note shouldn't display messages that state the service is not vulnerable, correct? I thought security_note and security_warning were ways to assess the impact to the environment. One person's information warning may be another person's security warning. So, either way, the information should pertain to security issues, not non-issues. As for your second statement, that could be said about recursive DNS, SMTP relaying, and HTTP proxying, etc. Neither you nor I will know if it's a risk or not until we understand if it is suppose to be there and if it is properly configured. In my particular case above, the NNTP server is unnecessary, so it's an issue (albeit low/informational). Sincerely, Jon __________________________________ Do you Yahoo!? Take Yahoo! Mail with you! Get it on your mobile phone. http://mobile.yahoo.com/maildemo _______________________________________________ Plugins-writers mailing list Plugins-writers@private http://mail.nessus.org/mailman/listinfo/plugins-writers
This archive was generated by hypermail 2.1.3 : Sat Feb 19 2005 - 08:22:44 PST