On Thu, 17 Nov 2005 monali.shah@tcs.com wrote:
Hi Josh,
Thanks for the info.
There is one more thing that I observed.
One of the processes of my application gets killed while the scan is
happening, however the hole which I have mentioned below is seen in the
report
after almost 20 min. Does it mean that the process is actually killed by
some other plugin and not this one ?
Under what circumstances can this hole be a false positive ?
I suggest you either run a scan where the only plugin enabled is
miscflood.nasl or you can run nasl -t TheIPYouWantToCheck miscflood.nasl
from the command line on your nessus server. If you choose the second method
then you need to change the following line in the plugin:
port = get_kb_item("Services/unknown");
to
port = "6780";
for the check to work.
--
- Josh
unknown (6780/tcp) High
It was possible to crash the remote service by flooding it with too much
data.
An attacker may use this flaw to make this service crash continuously,
preventing this service from working properly. It may also be possible
to exploit this flaw to execute arbitrary code on this host.
Solution : upgrade your software or contact your vendor and inform it of
this
vulnerability
Risk factor : High
Thanks in advance for your help
Regards,
Monali Navin Shah
Josh Zlatin-Amishav <josh@tkos.co.il>
11/16/2005 02:25 PM
To
monali.shah@tcs.com
cc
Nessus@list.nessus.org
Subject
Re: Critical issues identified by Nessus
On Wed, 16 Nov 2005 monali.shah@tcs.com wrote:
What I would like to know over here is that :
a : Which pluggin actually identified these holes ?
It looks like the miscflood.nasl (plugin #10735). Depending on what your
report output type is, you can see which plugin identified which hole.
b : What is the kind of data that was pumped in to crash the port , i
mean
is it some random data or some specific Packets which are being sent ?
miscflood.nasl sends a string of 65535 X's 10 times to the open port and
then checks if the service that was listening is still responsive.
--
- Josh
ForwardSourceID:NT00004382
Notice: The information contained in this e-mail message and/or attachments
to it may contain confidential or privileged information. If you are not the
intended recipient, any dissemination, use, review, distribution, printing or
copying of the information contained in this e-mail message and/or attachments
to it are strictly prohibited. If you have received this communication in
error, please notify us by reply e-mail or telephone and immediately and
permanently delete the message and any attachments. Thank you
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
