MS RPC Patch (Mis-)Reporting
John Kapp
jkapp2020 at earthlink.net
Thu Sep 11 08:29:06 EDT 2003
> Could you run the attached plugin in command-line mode and tell me
> what it outputs ? (nasl -t target msrpc_dcom2.nasl).
Attached is another example that seemed to run cleanly:
bluepill:/lib/nessus/plugins# nasl -t 10.129.53.189 test.nasl
error1=0000000000
error2=0000000000
error3=0200000000
error4=2000000003
Success
Output from MS's 039 tool:
10.129.53.189: patched with KB824146 and KB823980
-----Original Message-----
From: Renaud Deraison <deraison at nessus.org>
Sent: Sep 11, 2003 1:19 PM
To: John Kapp <jkapp2020 at earthlink.net>, nessus at list.nessus.org
Subject: Re: MS RPC Patch (Mis-)Reporting
On Thu, Sep 11, 2003 at 02:23:45AM -0400, John Kapp wrote:
> Over the past couple weeks, I've had very good results using msrpc_dcom.nasl for testing for the MS03-026 patch. Now that we have starting applying MS03-039, I'm getting inconsistent results with both the msrpc_dcom and dcom2 plugins. After applying the 039 patch, about 20% of the systems that I scan are reported as being vulnerable by both the dcom and dcom2 plugins. Microsoft's KB824146 scanner accurately reports that both patches have been installed on these same systems.
Could you run the attached plugin in command-line mode and tell me
what it outputs ? (nasl -t target msrpc_dcom2.nasl).
What operating system is running on the hosts which are supposed to be
patched ?
Also, note that msrpc_dcom.nasl won't work against a host with
MS03-039 applied, so make sure you are running version 1.9 and that BOTH
msrpc_dcom.nasl and msrpc_dcom2.nasl are enabled when you do a scan.
-- Renaud
More information about the Nessus
mailing list