Nmap Development mailing list archives

[PATCH] Update to service-probes for Microsoft SQL 2000/2005/2008


From: Tom Sellers <nmap () fadedcode net>
Date: Thu, 19 Feb 2009 18:45:01 -0600

The attached patch does two things:

1.  Adds 4 additional match lines for updated versions of Microsoft SQL Server,
    2 for SQL 2000 and 2 for SQL 2005.

2.  Changes the generic Microsoft SQL server major version (2000, 2005, and 2008)
    match lines to softmatches.  The goal with this is to generate signatures for
    submissions while still identifying the product.  The result is that this section
    has matchlines for specific version numbers, softmatches for product major version,
    and a fallback softmatch for Microsoft SQL in general.


By the way, and to serve as a reminder to me in the future ;) , the version number
detected by a successful hit on the matchline against TCP port 1433 will be more
accurate than the results of the NSE script against the SQL monitor port on UDP 1434.
The reason for this is that, it seems, Microsoft only updates the number provided on
1434 during major Service Packs, and not during patches.  Currently, with the new
matchlines you can actually tell if the software is missing the MS08-040 or MS09-004
security patches.

Tom

Attachment: mssql_matchline_patch.txt


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
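
The three tiers described in the message (exact-version match lines, major-version softmatches, a generic product softmatch), shown as an added example that is not part of the original post or its attached patch. It is a simplified model of the lookup order, not Nmap's implementation. The `DEMO-SQL` banner, the build numbers and the `submit-fingerprint` status are constructed for illustration; only the `match`/`softmatch` directive syntax and the `ms-sql-s` service name follow nmap-service-probes.

```python
import re

# Constructed rules in nmap-service-probes syntax. The "DEMO-SQL" banner and
# the build numbers are placeholders, not lines from the attached patch.
RULES = r"""
match ms-sql-s m|^DEMO-SQL 9\.00\.1111$| p/Microsoft SQL Server 2005/ v/9.00.1111/
softmatch ms-sql-s m|^DEMO-SQL 9\.00\.(\d+)$| p/Microsoft SQL Server 2005/ v/9.00.$1/
softmatch ms-sql-s m|^DEMO-SQL | p/Microsoft SQL Server/
"""
LINE = re.compile(r"^(match|softmatch) (\S+) m\|(.*?)\| ?(.*)$")
FIELD = re.compile(r"([pv])/([^/]*)/")


def parse_rules(text):
    """Parse directives into (kind, service, compiled regex, version fields)."""
    rules = []
    for line in text.strip().splitlines():
        m = LINE.match(line)
        if not m:
            raise ValueError(f"unparsed rule: {line!r}")
        kind, service, pattern, info = m.groups()
        rules.append((kind, service, re.compile(pattern.encode(), re.S),
                      dict(FIELD.findall(info))))
    return rules


def identify(rules, response):
    """Hard match is final; else keep the first softmatch and flag for submission."""
    soft = None
    for kind, service, regex, fields in rules:
        m = regex.search(response)
        if not m:
            continue
        # Fill $1-style placeholders from the regex capture groups.
        filled = {k: re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))).decode(), v)
                  for k, v in fields.items()}
        if kind == "match":
            return service, filled, "exact"
        soft = soft or (service, filled, "submit-fingerprint")
    return soft or (None, {}, "unknown")


if __name__ == "__main__":
    rules = parse_rules(RULES)
    for banner in (b"DEMO-SQL 9.00.1111", b"DEMO-SQL 9.00.2222", b"DEMO-SQL 11.00.1"):
        print(banner, identify(rules, banner))
```

A build that hits only a softmatch is still reported as the product, and the flag marks it as a candidate for a new exact-version match line.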
