Nmap Development mailing list archives
[NSE] smb-check-vulns safe vs unsafe
From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 27 Aug 2010 15:37:29 -0500
I have read the documentation, but I cannot figure out why there are both safe and unsafe script-args for this script. No other scripts use these arguments. Sample output:
| smb-check-vulns:
| Conficker: UNKNOWN; not Windows, or Windows with disabled browser service (CLEAN); or Windows with crashed browser service (possibly INFECTED).
| | If you know the remote system is Windows, try rebooting it and scanning
| |_ again. (Error NT_STATUS_OBJECT_NAME_NOT_FOUND)
| regsvc DoS: CHECK DISABLED (add '--script-args=unsafe=1' to run)
| SMBv2 DoS (CVE-2009-3103): CHECK DISABLED (add '--script-args=unsafe=1' to run)
| MS06-025: CHECK DISABLED (remove 'safe=1' argument to run)
|_ MS07-029: CHECK DISABLED (remove 'safe=1' argument to run)
From the documentation:
If you set the script parameter |unsafe|, then scripts will run that are almost (or totally) guaranteed to crash a vulnerable system; do NOT specify |unsafe| in a production environment! And that isn't to say that non-unsafe scripts will not crash a system, they're just less likely to.
If you set the script parameter |safe|, then script will run that rarely or never crash a vulnerable system. No promises, though.
This is confusing. Apparently there are 3 levels of "safety", but 4 possible states of these variables:
safe=0, unsafe=0: kinda-safe
safe=1, unsafe=0: very safe
safe=0, unsafe=1: very unsafe
safe=1, unsafe=1: ??? (in practice, same as #2 ("very safe"))
I'm attaching a patch to change this to a single variable, "unsafe," with 3 states:
unsafe == 1: kinda-safe
unsafe == 2: very unsafe
unsafe == anything_else: very safe
I would really like to know the choices that led to the current design, and if this change is acceptable.
Dan
Attachment:
unsafe.patch
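The two argument schemes discussed in this message, side by side, as an added example that is not part of the original post, the attached patch, or smb-check-vulns itself. It is plain Lua with no Nmap libraries; the function names, the treatment of "0" as unset, and the per-check tiers (inferred from the sample output and assumed cumulative) are assumptions.

```lua
-- Added example: hypothetical helpers, not code from smb-check-vulns.
-- Safety tiers, lowest risk first, using the labels from the message.
local VERY_SAFE, KINDA_SAFE, VERY_UNSAFE = 1, 2, 3
local TIER_NAME = { "very safe", "kinda-safe", "very unsafe" }

-- Script-args arrive as strings; assumption: "0" and "" count as unset.
local function is_set(v)
  return v ~= nil and v ~= "" and v ~= "0"
end

-- Current design as the message describes it: two flags, four combinations.
local function tier_from_two_flags(args)
  if is_set(args.safe) then return VERY_SAFE end    -- safe wins even with unsafe=1
  if is_set(args.unsafe) then return VERY_UNSAFE end
  return KINDA_SAFE                                 -- neither flag given
end

-- Proposed design: a single "unsafe" argument with three states.
local function tier_from_unsafe(args)
  local n = tonumber(args.unsafe)                   -- nil for unset or non-numeric
  if n == 1 then return KINDA_SAFE end
  if n == 2 then return VERY_UNSAFE end
  return VERY_SAFE                                  -- anything else
end

-- Minimum tier per check, inferred from the sample output (assumption).
local CHECKS = {
  { "Conficker", VERY_SAFE },
  { "MS06-025", KINDA_SAFE }, { "MS07-029", KINDA_SAFE },
  { "regsvc DoS", VERY_UNSAFE }, { "SMBv2 DoS (CVE-2009-3103)", VERY_UNSAFE },
}

local function enabled_checks(tier)
  local out = {}
  for _, c in ipairs(CHECKS) do
    if tier >= c[2] then out[#out + 1] = c[1] end
  end
  return table.concat(out, ", ")
end

-- Constructed script-args tables, one per combination worth comparing.
local cases = { {}, { safe = "1" }, { unsafe = "1" },
                { safe = "1", unsafe = "1" }, { unsafe = "2" } }
for _, args in ipairs(cases) do
  local old, new = tier_from_two_flags(args), tier_from_unsafe(args)
  print(string.format("safe=%-3s unsafe=%-3s  two-flag: %-11s  single-arg: %s",
    tostring(args.safe), tostring(args.unsafe), TIER_NAME[old], TIER_NAME[new]))
  print("    two-flag runs:   " .. enabled_checks(old))
  print("    single-arg runs: " .. enabled_checks(new))
end
```

Following the mappings in the message, a scan with no arguments moves from kinda-safe to very safe under the single-variable scheme, and an existing unsafe=1 command line moves from very unsafe to kinda-safe.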