Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Question on a Plugin

from [George A. Theall] Network Security [Permanent Link]
Subject: Re: Question on a Plugin
Date: Wed, 25 Jan 2006 13:46:23 -0500 
On Wed, Jan 25, 2006 at 01:00:37PM -0500, Bilal Nasrallah wrote:


I ran a nessus scan against one of our devices and it flagged a
vulnerability in the telnet daemon. According to the report, the plugin
that detected the vulnerability is pam_smb/pam_ntdom overflow under
"Gain root remotely" family. Is there a way to find out what are the
details of this test, this would help us to determine if this is a false
positive or not.


The lion's share of Nessus plugins are coded using NASL, which is an
interpreted language, which in turn means that you can see how the
plugin works by reading the source code.

In this case, it sounds like the report is from plugin #10517,
pam_smb.nasl. The plugin's description, and indeed the report itself,
says that the telnet daemon closed the connection abruptly when given a
long username followed by a password and that this may be a false
positive. Have you looked at the logs on the affected system to see why
the connection closed? Did the daemon crash? Is pam_smb or pam_ntdom
even in use there?

George
-- 
theall@tenablesecurity.com
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Newbie Question - Nessus Install on Suse 10 or FC4, George A. Theall
Next by Date:  Linux client connection error, brodrick . j . tyndle
Previous by Thread:  Question on a Plugin, Bilal Nasrallah
Next by Thread:  Linux client connection error, brodrick . j . tyndle
Indexes:  [Date] [Thread] [Top] [All Lists]