Nmap Development mailing list archives

[NSE] smb-check-vulns safe vs unsafe


From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 27 Aug 2010 15:37:29 -0500

I have read the documentation, but I cannot figure out why there are both safe and unsafe script-args for this script. No other scripts use these arguments. Sample output:
| smb-check-vulns:
|   Conficker: UNKNOWN; not Windows, or Windows with disabled browser service (CLEAN); or Windows with crashed browser service (possibly INFECTED).
|   |  If you know the remote system is Windows, try rebooting it and scanning
|   |_ again. (Error NT_STATUS_OBJECT_NAME_NOT_FOUND)
|   regsvc DoS: CHECK DISABLED (add '--script-args=unsafe=1' to run)
|   SMBv2 DoS (CVE-2009-3103): CHECK DISABLED (add '--script-args=unsafe=1' to run)
|   MS06-025: CHECK DISABLED (remove 'safe=1' argument to run)
|_  MS07-029: CHECK DISABLED (remove 'safe=1' argument to run)
From the documentation:

If you set the script parameter |unsafe|, then scripts will run that are almost (or totally) guaranteed to crash a vulnerable system; do NOT specify |unsafe| in a production environment! And that isn't to say that non-unsafe scripts will not crash a system, they're just less likely to.

If you set the script parameter |safe|, then scripts will run that rarely or never crash a vulnerable system. No promises, though.

This is confusing. Apparently there are 3 levels of "safety", but 4 possible states of these variables:

safe=0, unsafe=0: kinda-safe
safe=1, unsafe=0: very safe
safe=0, unsafe=1: very unsafe
safe=1, unsafe=1: ??? (in practice, same as #2 ("very safe"))

I'm attaching a patch to change this to a single variable, "unsafe," with 3 states:

unsafe == 1: kinda-safe
unsafe == 2: very unsafe
unsafe == anything_else: very safe

I would really like to know the choices that led to the current design, and if this change is acceptable.

Dan

Attachment: unsafe.patch
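An added example (not part of the message or the smb-check-vulns script itself) that models which checks run under the existing safe/unsafe pair and under the single three-level "unsafe" argument proposed above. The check names, the level each check requires, and the string-valued argument handling are assumptions inferred from the sample output; the real script's gating may differ.

```lua
-- Safety levels, ordered from most to least cautious.
local VERY_SAFE, KINDA_SAFE, VERY_UNSAFE = 0, 1, 2

-- Existing scheme: two independent booleans, four combinations, three levels.
-- safe=1 takes precedence over unsafe=1, matching the "same as #2" observation.
local function level_from_safe_unsafe(args)
  if args.safe == "1" then return VERY_SAFE end
  if args.unsafe == "1" then return VERY_UNSAFE end
  return KINDA_SAFE
end

-- Proposed scheme: one argument; unsafe=1, unsafe=2, or anything else.
local function level_from_unsafe_only(args)
  if args.unsafe == "1" then return KINDA_SAFE end
  if args.unsafe == "2" then return VERY_UNSAFE end
  return VERY_SAFE
end

-- Minimum level each check needs before it runs (assumed from the sample output:
-- Conficker always runs, MS06-025/MS07-029 are skipped under safe=1, and the
-- two DoS checks need unsafe=1).
local CHECKS = {
  { name = "Conficker",                 needs = VERY_SAFE   },
  { name = "MS06-025",                  needs = KINDA_SAFE  },
  { name = "MS07-029",                  needs = KINDA_SAFE  },
  { name = "regsvc DoS",                needs = VERY_UNSAFE },
  { name = "SMBv2 DoS (CVE-2009-3103)", needs = VERY_UNSAFE },
}

-- Return the names of the checks permitted at a given level.
local function checks_to_run(level)
  local out = {}
  for _, c in ipairs(CHECKS) do
    if level >= c.needs then out[#out + 1] = c.name end
  end
  return out
end

-- Walk every combination the message lists and show what each scheme permits.
for _, case in ipairs({
  { safe = "0", unsafe = "0" }, { safe = "1", unsafe = "0" },
  { safe = "0", unsafe = "1" }, { safe = "1", unsafe = "1" },
}) do
  local old = checks_to_run(level_from_safe_unsafe(case))
  print(("safe=%s unsafe=%s -> %s"):format(case.safe, case.unsafe, table.concat(old, ", ")))
end
for _, v in ipairs({ "0", "1", "2" }) do
  local new = checks_to_run(level_from_unsafe_only({ unsafe = v }))
  print(("unsafe=%s -> %s"):format(v, table.concat(new, ", ")))
end
```

Running it prints the same three distinct check sets under both schemes, with the redundant safe=1/unsafe=1 state collapsing into the very-safe set.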

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
