Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

iis_ver_check.nasl IIS 6 fp?

from [Hubert Seiwert] Network Security [Permanent Link]
Subject: iis_ver_check.nasl IIS 6 fp?
Date: Mon, 20 Feb 2006 13:12:05 +0000 
Hi,

the description of this plugin says:

>The Patch level (Service Pack) of the remote IIS server appears to be >lower than the current IIS service pack level. As each service pack >typically contains many security patches, the server may be at risk.

For IIS 5, it has a content-length value that matches IIS 5 SP3 or SP4.
This will be false positive most of the time as most Win2K systems are probably on SP4 by now, but since the value could also indicate SP3, it seems ok to fire a security_note.

For Win2K3, there are 2 content-length values, one for SP0 (out of date) and one for "Microsoft IIS 6.0 - w2k3 build 3790". According to some quick searches, this *is* the build number of SP1 which is currently the latest SP for Win2K3.

So the security_note shouldn't really fire for this value, as it's purely informational and doesn't match the vuln description?

My suggestion would be to set a kb value of the detected version for all cases and only fire the security note if the sig detected does not match the current version.

--
Hubert Seiwert

Internet Security Specialist, Westpoint Ltd
Albion Wharf, 19 Albion Street, Manchester M1 5LN, United Kingdom

Web: www.westpoint.ltd.uk
Tel: +44-161-2371028
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • iis_ver_check.nasl IIS 6 fp?, Hubert Seiwert <=
Previous by Date:  Re: Cannot Connect, Ferdy Riphagen
Next by Date:  Command line install/certificates, R. Brockway
Previous by Thread:  Cannot Connect, Chatarpal, Muni
Next by Thread:  Command line install/certificates, R. Brockway
Indexes:  [Date] [Thread] [Top] [All Lists]