[Openvas-plugins] [Openvas-discuss] Question about plugin 11808
jan-oliver.wagner at intevation.de
Thu May 15 10:53:05 CEST 2008
(I am CCing this to openvas-plugins, the mailing list for plugin issues)
On Mittwoch, 14. Mai 2008, Vincenti Francesco wrote:
> I am writing you to understand the correct behaviour I should have in
> front of the results of OpenVAS scansion, according the following
> Every scansion of my company's PC I have done until now shows a security
> hole in each machine which is detected by plugin 11808, about Microsoft
> RPC Interface Buffer Overrun, and is caused by epmap on port 135.
> The plugin suggests to update the operating system to a kind of patch
> but when I try to install it the answer is that the operating system
> version in more recent than the patch itself: obviously, the problem is
> known since 2003 and Windows has reached the SP 2 now!
> Is this result the consequence of some missed update of the plugin 11808
> or is the pluging itself which is not update to the SP 2, and how can I
> solve this false positive?
> Thank you very much for your attention.
I am not a plugin developer nor would I call myself a Windows guru.
However, the first observation when looking into the NASL code (msrpc_dcom.nasl)
is that a dependency is not fullfilled (msrpc_dcom2.nasl). This script is missing
which is probably because it is kept proprietary by Tenable (OpenVAS project obviolusly
had to remove any proprietary elelement).
But this does not necessarily cause the problem.
I can try to reproduce the problem, but I'd need to know how to start
the service at port 135. My default XPSP2 has nothing running there.
Dr. Jan-Oliver Wagner Intevation GmbH, Osnabrück
Amtsgericht Osnabrück, HR B 18998 http://www.intevation.de/
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
More information about the Openvas-plugins