On Thu, Oct 12, 2006 at 05:24:13PM +0100, Hubert Seiwert wrote: > this plugin matches the ftp banner using the following: > > if (egrep(pattern:"WS_FTP Server ([0-4]\.|5\.0\.[0-2][^0-9])", string: banner)) > > So this will fire on 5.0.0, 5.0.1, 5.0.2 but not 5.0.3 or 5.0.4. > > According to http://www.securityfocus.com/bid/11065/ (which is one of the refs > listed in the nasl), 5.0.3 and 5.0.4 (excluding 5.0.4 hotfix 1) are vulnerable. I have no idea why SecurityFocus would claim 5.04 is affected. The original advisory only mentions 5.02. And Ipswitch's changelogs for WS_FTP state the fix was incorporated into 5.03; eg, http://www.ipswitch.com/support/ws_ftp-server/releases/wr503.asp and Secunia also makes the same claim: http://secunia.com/advisories/12406 I'm updating the plugin with a link to the WS_FTP release note, but at this point I don't agree that changing the banner check is the correct thing to do. George -- theall@private _______________________________________________ Plugins-writers mailing list Plugins-writers@private http://mail.nessus.org/mailman/listinfo/plugins-writers
This archive was generated by hypermail 2.1.3 : Thu Oct 12 2006 - 13:22:12 PDT