Penetration Testing mailing list archives
Re: nessus scan - epmap (135/tcp)
From: "Chris Griffin" <chris () logossecurity com>
Date: Thu, 18 Dec 2008 16:28:30 -0500
What I recommend doing is looking into that nessus plugin and reviewing the code for what exactly it's looking at. It could be seeing a reg entry, or a file version to base its claim on. I had a similar problem in the past so I changed the plugin that gave me so many problems to look for something different based on my environment. I still got a few false positives but it did make life much easier.

On Thu, Dec 18, 2008 at 8:43 AM, m sesser <security () sesser eu> wrote:
hi list,

some nessus scans have the following result:

Vulnerability found on port epmap (135/tcp)

The remote host is running a version of Windows which has a flaw in its RPC interface which may allow an attacker to execute arbitrary code and gain SYSTEM privileges. There is at least one Worm which is currently exploiting this vulnerability. Namely, the MsBlaster worm.

Solution: see http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx
Risk factor : High
CVE : CAN-2003-0352
BID : 8205
Other references : IAVA:2003-A-0011
Nessus ID : 11808

the microsoft link leads to a scanner which should show, if a system is patched or not:
http://support.microsoft.com/kb/827363/EN-US/

--> result: system is patched

C:KB824146Scan.exe <hostname>

Microsoft (R) KB824146 Scanner Version 1.00.0257 for 80x86
Copyright (c) Microsoft Corporation 2003. All rights reserved.

<+> Starting scan (timeout = 5000 ms)

Checking hostname
hostname: patched with both KB824146 (MS03-039) and KB823980 (MS03-0

<-> Scan completed

Statistics:

Patched with both KB824146 (MS03-039) and KB823980 (MS03-026) .... 1
Patched with only KB823980 (MS03-026) ............................ 0
Unpatched ........................................................ 0
TOTAL HOSTS SCANNED .............................................. 1

DCOM Disabled .................................................... 0
Needs Investigation .............................................. 0
Connection refused ............................................... 0
Host unreachable ................................................. 0
Other Errors ..................................................... 0
TOTAL HOSTS SKIPPED .............................................. 0

TOTAL ADDRESSES SCANNED .......................................... 1

which tool is right? is there a 3rd-party tool to test? is nessus (2.2.9 ubuntu) state of the art?

thanks,
markus

------------------------------------------------------------------------
This list is sponsored by: Cenzic
Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now
www.cenzic.com/landing/trends-report
------------------------------------------------------------------------
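
An added example, not part of either post: a small triage script that lists the hosts Nessus flagged with ID 11808 and compares each against the KB824146 scanner's per-host verdict, so that disagreements like the one above can be picked out for plugin review. It assumes the Nessus results are in a pipe-delimited NBE-style export and that every per-host scanner line has the `host: status` shape shown in the post; the sample data, the "unpatched" line and the verdict labels are constructed.

```python
import re

PLUGIN_ID = "11808"  # Nessus ID quoted in the report above (MS03-026 check)

# Constructed sample data; hosts are documentation addresses.
NESSUS_NBE = """\
results|192.0.2|192.0.2.10|epmap (135/tcp)|11808|Security Hole|RPC interface flaw
results|192.0.2|192.0.2.11|epmap (135/tcp)|11808|Security Hole|RPC interface flaw
results|192.0.2|192.0.2.12|epmap (135/tcp)|10736|Security Note|DCE services
"""
KBSCAN_OUT = """\
<+> Starting scan (timeout = 5000 ms)
192.0.2.10: patched with both KB824146 (MS03-039) and KB823980 (MS03-026)
192.0.2.11: unpatched
<-> Scan completed
"""

def nessus_flagged(nbe, plugin_id=PLUGIN_ID):
    """Hosts for which the export contains a finding from plugin_id."""
    hosts = set()
    for line in nbe.splitlines():
        fields = line.split("|")
        # Assumed layout: results|subnet|host|port|plugin id|type|text
        if len(fields) >= 6 and fields[0] == "results" and fields[4] == plugin_id:
            hosts.add(fields[2])
    return hosts

def kbscan_status(output):
    """Map host -> lower-cased status from the per-host 'host: status' lines."""
    status = {}
    for line in output.splitlines():
        m = re.match(r"^(\S+):\s+(.+)$", line)
        if m:
            status[m.group(1)] = m.group(2).strip().lower()
    return status

def triage(nbe, kb_output):
    """Classify each Nessus-flagged host against the patch scanner's verdict."""
    kb = kbscan_status(kb_output)
    verdicts = {}
    for host in sorted(nessus_flagged(nbe)):
        s = kb.get(host)
        if s is None:
            verdicts[host] = "not-checked"            # no second opinion yet
        elif s.startswith("patched with both"):
            verdicts[host] = "likely-false-positive"  # tools disagree: review plugin
        else:
            verdicts[host] = "confirm-and-patch"      # anything short of fully patched
    return verdicts

if __name__ == "__main__":
    for host, verdict in triage(NESSUS_NBE, KBSCAN_OUT).items():
        print(host, verdict)
```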