Penetration Testing mailing list archives
RE: MS05-039 Scanner
From: "Marc Maiffret" <mmaiffret () eeye com>
Date: Tue, 16 Aug 2005 19:18:32 -0700
A quick side note not to confuse MBSA or Shavlik with how Retina or others do it. Retina is able to detect the patch as missing, as Shavlik and MBSA do (registry/file, which requires admin creds), but we also are able to remotely identify a vulnerable system without requiring authenticated credentials. That obviously makes it easier to find vulnerable systems on a Class B network because really who has credentials for a whole Class B, and even if you miraculously did, then what about all the systems you don't know about that are unmanaged and you definitely don't have access to. This is just one reason why stuff like MBSA is great for very small shops but is really unreasonable for any real network.

Shavlik and others obviously are really meant more for patching, which means systems you know, so while it's a deficiency that they can't truly give you a view of vulnerability within your Class B network, it's a limitation that is probably something they are not meaning to address in the first place, again because they do patch management instead of vulnerability management.

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Blink - End-Point Vulnerability Prevention
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities

Important Notice: This email is confidential, may be legally privileged, and is for the intended recipient only. Access, disclosure, copying, distribution, or reliance on any of it by anyone else is prohibited and may be a criminal offense. Please delete if obtained in error and email confirmation to the sender.

-----Original Message-----
From: Jeff Bryner [mailto:jbryner1 () yahoo com]
Sent: Tuesday, August 16, 2005 9:29 AM
To: michael_black () comcast net; pen-test () securityfocus com
Subject: Re: MS05-039 Scanner
Does anyone know of any available scanners for this vulnerability? I know Tenable has a plugin for Nessus and eEye has a free one for up
I dunno if you've solved this or not, but the Tenable ones are usually just templates that look for different hotfixes. The source for this particular one is on their website at: http://www.nessus.org/plugins/index.php?view=viewsrc&id=19402 and you can see what it looks for.

Assuming you have admin access to this class B network you could use the Nessus plugin, or script something to mount the admin share and look for the hotfix.

Alternatively http://hfnetchk.shavlik.com/ can also check for hotfixes remotely, again assuming you have admin access.

Jeff.