Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: INCONSISTENT RISK FACTOR

from [Nicolas Pouvesle] Network Security [Permanent Link]
Subject: Re: INCONSISTENT RISK FACTOR
Date: Tue, 9 Jan 2007 15:03:06 +0100 

On Jan 7, 2007, at 1:06 AM, John Scherff wrote:

Nessus returns inconsistent risk ratings when it is able to access a Windows share.

On a Windows 2003 server, the risk factor is 'None.'

On an AIX server running Samba, the risk factor is 'High / CVSS Base Score : 7 (AV:R/AC:L/Au:NR/C:P/A:P/I:P/B:N)'

Both results are returned from Plugin 10396, and the text of the finding is the same (except that the share names and contents are different). Each server has both readable and readable/writable shares. The only difference is that the "service" is 'netbios-ssn (139/tcp)' on AIX and 'microsoft-ds (445/tcp)' on Windows.

In both cases, Nessus is using credentials and the account it is using has access to the shares, so it is not a vulnerability.

Is there a way to resolve this discrepancy?



No yet. We are planning to fix this by splitting the test in 2 plugins :

1) checks remote shares with NULL/Guest session -> High
2) checks remote shares with credentials -> None


Regards,

Nicolas
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Is the Nessus Vulnerability Scanner IPv6 compatible and/or capable?, Reyes, Frederick
Next by Date:  Resuming Scans, Larry Petty
Previous by Thread:  INCONSISTENT RISK FACTOR, John Scherff
Next by Thread:  ChiSUG January Meeting, Steven McGrath
Indexes:  [Date] [Thread] [Top] [All Lists]