Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Nessus scanning basics - Windows vulnerabilties

from [Susan Stewart] Network Security [Permanent Link]
Subject: Nessus scanning basics - Windows vulnerabilties
Date: Mon, 22 May 2006 10:40:56 -0700 (PDT) 
I am new to Nessus and am trying to use Nessus 2.2.6 to scan a Windows XP 
machine.  It's right out of the box, no patches.  The scan does not catch 
anything.  If I run the scan on another XP machine I have, it picks up the 
following vulnerability:

Vulnerability   microsoft-ds (445/tcp)   
 Synopsis :

 Arbitrary code can be executed on the remote host.

 Description :

 The remote version of Windows contains a flaw in the Web Client service which 
 may allow an attacker to execute arbitrary code on the remote host.

 To exploit this flaw, an attacker would need credentials to log into the 
 remote host.

 Solution : 

 Microsoft has released a set of patches for Windows XP and 2003 :

http://www.microsoft.com/technet/security/bulletin/ms06-008.mspx

 Risk factor : 

 Medium / CVSS Base Score : 6 
 (AV:R/AC:L/Au:R/C:C/A:C/I:C/B:N)
 CVE : CVE-2006-0013
 BID : 16636
 Nessus ID : 20928          
I think there would be numerous vulnerabilities on an unpatched Windows 
machine.  Is there a reason why the same set of plugins would see the 
vulnerability on one machine and not on the other?

Thanks,
Susan

                
---------------------------------
Feel free to call! Free PC-to-PC calls. Low rates on PC-to-Phone.  Get Yahoo! 
Messenger with Voice
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Nessus 3.0.3 / 2.2.8 released ; NessusClient 1.0.0.RC5 available, George A. Theall
Next by Date:  Win 3.0.3 (beta) plugin update fails, Spam Hole
Previous by Thread:  Nessus 3.0.3 / 2.2.8 released ; NessusClient 1.0.0.RC5 available, Renaud Deraison
Next by Thread:  Re: Nessus scanning basics - Windows vulnerabilties, Josh Zlatin
Indexes:  [Date] [Thread] [Top] [All Lists]