Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Samba swat warnings in 2.2.4

from [Knut Hellebø] Network Security [Permanent Link]
Subject: Re: Samba swat warnings in 2.2.4
Date: Wed, 27 Apr 2005 14:06:52 +0200 
Regards,

..and first of all, thanks for all the responses. I have received a couple of suggestions and will try summing them up in this mail:

1. Delete the .../plugins/.desc area, kill nessusd, restart it and retry the test. This produced the same result as before, testing the Solaris 9 box.

2. George correctly pointed out that the description comes from the Gentoo linux plugin, and when doing a find |grep "GLSA-200407-21", the Gentoo plugin popped up as the only file/plugin containing this string.
The MD5 sums of this plugin are

d144378a69a577e4dfaff2e3ce63fe36  gentoo_GLSA-200407-21.desc
55820405d437235ea187a0d898462b3a  gentoo_GLSA-200407-21.nasl

I have also deselected the "silent dependencies" (to try a long shot),
but no difference. Also, I tested a Sgi running IRIX 6.5.27. Testing this system did not reveal any swat vulns. The same goes for a AIX 4.3.3 box I tested. Also, I did a nmap run against the "vulnerable" Sun box and nmap did not find the swat port open (this was perhaps expected as the report indicated a general/icmp vuln on the Solaris 9 box.). Weird.
--

      ******************************************************************
      *         Knut Hellebø                     | DAMN GOOD COFFEE !! *
      * Hydro IS Partner ESI (Unix) Team         | (and hot too)       *
      * Phone: +4755996870, Fax: +4755995620     |                     *
      * Cellular Phone: +47 93005151             |                     *
      * E-mail: Knut.Hellebo@nho.hydro.com       | Dale Cooper, FBI    *
      ******************************************************************



***********************************************************************
NOTICE: This e-mail transmission, and any documents, files or previous
e-mail messages attached to it, may contain confidential or privileged
information. If you are not the intended recipient, or a person
responsible for delivering it to the intended recipient, you are
hereby notified that any disclosure, copying, distribution or use of
any of the information contained in or attached to this message is
STRICTLY PROHIBITED. If you have received this transmission in error,
please immediately notify the sender and delete the e-mail and attached
documents. Thank you.
***********************************************************************


_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Parsing Nmap Results?, Michel Arboi
Next by Date:  Re: Hydra & Portscanning XP, George A. Theall
Previous by Thread:  Re: Samba swat warnings in 2.2.4, George A. Theall
Next by Thread:  Re: Samba swat warnings in 2.2.4, George A. Theall
Indexes:  [Date] [Thread] [Top] [All Lists]