Penetration Testing mailing list archives
Re: Nessus against Novell file servers.
From: Barrie Dempster <barrie () reboot-robot net>
Date: Wed, 16 Mar 2005 19:32:24 +0000
Roni Bachar wrote:
<snip>
> > so test if this is your case if yes disable the ftp module.
>

Good idea, until you consider that this is the pen-test mailing list frequented by pen-testers who should really be investigating this vulnerability to find out if it is a reproducible and therefore reportable DoS vulnerability. Going even further there may be exploitability.
I realise that the present situation is a VA only, so the client might not want this reported/exploited, but the OP should really investigate further. I don't believe it's common practice (at least I don't do it) to ignore a vulnerability because someone else hasn't released an exploit for it.
"disable the ftp module" is probably the most crazy statement I've seen this week (actually it's not but I just said that for effect).
My advice would be, disable the FTP module in order to continue your test, report the DoS as part of the pen-test report (if the client is interested to that extent) and then investigate further and disclose the vulnerability in whatever way your disclosure ethics define.
Don't switch it off and ignore it, *please*!!

--
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue
blog: http://zeedo.blogspot.com
site: http://www.bsrf.org.uk
CA: www.cacert.org

"He who hingeth aboot, getteth hee-haw" - Victor (Still Game)