Re: [Plugins-writers] Plugin 18502 false positives (Network check for MS05-027, smb_kb896422.nasl)

Previous message: Apple Maggot: "[Plugins-writers] Plugin 18502 false positives (Network check for MS05-027, smb_kb896422.nasl)"
In reply to: Apple Maggot: "[Plugins-writers] Plugin 18502 false positives (Network check for MS05-027, smb_kb896422.nasl)"
Next in thread: Douglas McLean: "Re: [Plugins-writers] Plugin 18502 false positives (Network check for MS05-027, smb_kb896422.nasl)"
Reply: Douglas McLean: "Re: [Plugins-writers] Plugin 18502 false positives (Network check for MS05-027, smb_kb896422.nasl)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

deraison@private

On Jun 27, 2005, at 15:28, Apple Maggot wrote:

> FYI.  Plugin 18502 (aka. the Network check for MS05-027,  
> smb_kb896422.nasl) revision 1.2 has a 100% false positive rate when  
> scanning systems running Windows Server 2003.  We have found this  
> to be the case whilest scanning 200+ Win2K3 systems.  In all cases  
> this plugin reports that the Win2K3 systems are "unpatched", even  
> when they are patched.  However, the plugin *does* appear to be  
> 100% accurate when scanning Win2K and WinXP systems.  It just seems  
> to falter with Win2K3.

We've tested the plugin against several Windows 2003 boxes and have  
not run into the issue. The patch released by Microsoft includes the  
exact same fixes for both XP and Win2003, so having a FP on one side  
and not on the other seems quite unlikely.

Make sure that your Windows 2003 system has rebooted since the patch  
has been applied. Otherwise send me network traces as well as your  
Windows 2003 exact setup for a better diagnosis.

                                 -- Renaud
_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers