actually, I wrote a bunch of those scripts below and never included the
dependency on www/iis kb. On my production NESSUS box (1.0.9 on Linux), I
don't note the "www/iis" in any of the NASL scripts. On my devel box (1.1.2
on BSD) I also do not note the www/iis string. Might this be something that
Renaud is adding to the most recent devel version?
Renaud?
However, I do agree with all that you've stated below. I don't (and never
will) turn on the optimization....But that's my choice, and it's nice to have
those choices :-)
John Lampe
On Tuesday 28 August 2001 11:11, you wrote:
> All of these plugins only run if the server is IIS:
>
> $ grep 'www/iis' *
>
> iis_anything_idq.nasl: script_require_keys("www/iis");
> iis_authentification_manager.nasl: script_require_keys("www/iis");
> iis_bdir.nasl: script_require_keys("www/iis");
> iis_buffer_overflow.nasl: script_require_keys("www/iis");
> iis_crash.nasl: script_require_keys("www/iis");
> iis_decode_bug.nasl: script_require_keys("www/iis");
> iis_dir_traversal.nasl: script_require_keys("www/iis");
> iis_dos_ussrback.nasl: script_require_keys("www/iis");
> iis_dot_cnf.nasl: script_require_keys("www/iis");
> iis_frag_disclosure.nasl: script_require_keys("www/iis");
> iis_ida_isapi.nasl: script_require_keys("www/iis");
> iis_isapi_overflow.nasl: script_require_keys("www/iis");
> iis_malformed_request.nasl: script_require_keys("www/iis");
> iis_perl_problem.nasl: script_require_keys("www/iis");
> iis_propfind2.nasl: script_require_keys("www/iis");
> iis_propfind_dos.nasl: script_require_keys("www/iis");
> iis_repost_asp.nasl: script_require_keys("www/iis");
> iis_samples.nasl: script_require_keys("www/iis");
> iis_scripts.nasl: script_require_keys("www/iis");
> iis_shtml_cross_site.nasl: script_require_keys("www/iis");
> iis_viewcode.nasl: script_require_keys("www/iis");
> iis_webdav_lock_memory_leak.nasl:script_require_keys("www/iis");
>
>
> To me this shows a clear decision by the author(s) to trust the web server
> banner. If you dont trust the banner, you can turn optimization off.
>
>
dependency on www/iis kb. On my production NESSUS box (1.0.9 on Linux), I
don't note the "www/iis" in any of the NASL scripts. On my devel box (1.1.2
on BSD) I also do not note the www/iis string. Might this be something that
Renaud is adding to the most recent devel version?
Renaud?
However, I do agree with all that you've stated below. I don't (and never
will) turn on the optimization....But that's my choice, and it's nice to have
those choices :-)
John Lampe
On Tuesday 28 August 2001 11:11, you wrote:
> All of these plugins only run if the server is IIS:
>
> $ grep 'www/iis' *
>
> iis_anything_idq.nasl: script_require_keys("www/iis");
> iis_authentification_manager.nasl: script_require_keys("www/iis");
> iis_bdir.nasl: script_require_keys("www/iis");
> iis_buffer_overflow.nasl: script_require_keys("www/iis");
> iis_crash.nasl: script_require_keys("www/iis");
> iis_decode_bug.nasl: script_require_keys("www/iis");
> iis_dir_traversal.nasl: script_require_keys("www/iis");
> iis_dos_ussrback.nasl: script_require_keys("www/iis");
> iis_dot_cnf.nasl: script_require_keys("www/iis");
> iis_frag_disclosure.nasl: script_require_keys("www/iis");
> iis_ida_isapi.nasl: script_require_keys("www/iis");
> iis_isapi_overflow.nasl: script_require_keys("www/iis");
> iis_malformed_request.nasl: script_require_keys("www/iis");
> iis_perl_problem.nasl: script_require_keys("www/iis");
> iis_propfind2.nasl: script_require_keys("www/iis");
> iis_propfind_dos.nasl: script_require_keys("www/iis");
> iis_repost_asp.nasl: script_require_keys("www/iis");
> iis_samples.nasl: script_require_keys("www/iis");
> iis_scripts.nasl: script_require_keys("www/iis");
> iis_shtml_cross_site.nasl: script_require_keys("www/iis");
> iis_viewcode.nasl: script_require_keys("www/iis");
> iis_webdav_lock_memory_leak.nasl:script_require_keys("www/iis");
>
>
> To me this shows a clear decision by the author(s) to trust the web server
> banner. If you dont trust the banner, you can turn optimization off.
>
>