[unisog] RE: New RPC Vulnerability -> SCANMS false positive

Joshua Thomas thomasj4 at ohio.edu
Thu Sep 11 18:45:59 GMT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

To detect the new RPC vulnerabilities, we're currently testing Nessus 
plugin 11835:

<http://cgi.nessus.org/plugins/dump.php3?id=11835>

We're using the standalone interpretor 'nasl' utility to run just plugin 
11835.

<http://www.nessus.org/doc/nasl.html>

So far we haven't encountered any false positives.  Anyone already have any 
data regarding false positives/negatives for this plugin?

- ----------------
Joshua Thomas
Security Analyst
Ohio University

- --On Wednesday, September 10, 2003 6:51 PM -0400 Steve Bernard 
<sbernard at gmu.edu> wrote:

> FYI, after applying the new RPC patches (MS03-039), ISS's 'scanms.exe'
> tool flags hosts as being vulnerable to the previous RPC vulnerability
> (MS03-036). I haven't seen an updated version of 'scanms' yet. The new
> signatures from E-Eye seem to work well.




-----BEGIN PGP SIGNATURE-----
Version: Mulberry PGP Plugin v2.0
Comment: processed by Mulberry PGP Plugin

iQA/AwUBP2DC6j1uyXul3QI2EQJGRgCgqbSH0XvSyNHMsJuDYzmbdzfeavoAoPX3
NTEU8SYVFXa5ez20jJUCx0Ji
=kUtp
-----END PGP SIGNATURE-----



More information about the unisog mailing list