Mailing List Archive

[2.0.3] ftp_root.nasl - still buggy plus other 2.0.3 weirdness
Hello,

[ftp_root.nasl]

ftp_root.nasl still has the same problem in 2.0.3 as the previous ones did.
Specifically, the line:

pasv = ftp_get_pasv_port(socket:soc);

causes a false negative. When I comment this out, the script works against
wu-ftpd 2.6.2(2) - the one ftp daemon version I have handy. This would
suggest that there's a problem with the ftp_get_pasv_port command, or that
this command is used incorrectly in the script, OR there's a peculiarity with
wu-ftpd 2.6.2 that causes this.


[default_account.inc]

I noticed that one of the changes I suggested for default_account.inc got
implemented. Thank you! I am still concerned that this won't work with
systems that prompt you for a password even if the password is blank,
but this new version works for me in all of my test machines. I'll post how
to configure solaris so that it prompts you for a password even if it's
blank once I remember how I did it in the first place :)

I also noticed that this gives false positives whenever an account has a
blank password and the script looks for logins based on that account.
Obviously not a huge problem, but definitely solvable.

[oracle9iAS_slashdot_DoS.nasl]

This script (oracle9iAS_slashdot_DoS.nasl) seems to do nothing! Shouldn't
it set a security hole or a kb item or SOMETHING when http_is_dead() is
true?

TIA,
Brian Costello
Re: [2.0.3] ftp_root.nasl - still buggy plus other 2.0.3 weirdness
On Sun, Apr 13, 2003 at 09:11:03AM -0400, Brian Costello wrote:
> Hello,
>
> [ftp_root.nasl]
>
> ftp_root.nasl still has the same problem in 2.0.3 as the previous ones did.
> Specifically, the line:
>
> pasv = ftp_get_pasv_port(socket:soc);

Some ftp servers will yell at you if you send a STOR with no data
connection already open, so commenting this command out would not fix
the issue. Send me network traces please.

> [default_account.inc]
>
> I noticed that one of the changes I suggested for default_account.inc got
> implemented. Thank you! I am still concerned that this won't work with
> systems that prompt you for a password even if the password is blank,
> but this new version works for me in all of my test machines. I'll post how
> to configure solaris so that it prompts you for a password even if it's
> blank once I remember how I did it in the first place :)
>
> I also noticed that this gives false positives whenever an account has a
> blank password and the script looks for logins based on that account.
> Obviously not a huge problem, but definitely solvable.

The solution slows a lot of things down, so I prefer to let those false
positives go in at this time.


> [oracle9iAS_slashdot_DoS.nasl]
>
> This script (oracle9iAS_slashdot_DoS.nasl) seems to do nothing! Shouldn't
> it set a security hole or a kb item or SOMETHING when http_is_dead() is
> true?

Fixed, thanks.
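To make the point in the reply above concrete (the data connection has to exist before STOR is sent, and a failure to get a usable port out of the 227 reply also turns into a "not writable" verdict), here is an added Python example. It is not Nessus code and not from either poster: it parses the PASV reply the way the six-number form in RFC 959 allows, opens the data channel first, then sends STOR and reports why a probe failed instead of silently returning "not writable". The server replies, the 10.0.0.5 address, the file name nessus_test and the ScriptedSock/NullData stand-ins are all constructed for the offline demo; the control channel is assumed to be already logged in.

```python
import re

# RFC 959 227 reply: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)". Punctuation and
# wording vary between servers, so only the six comma-separated numbers are matched.
_PASV_RE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_pasv_reply(reply):
    """Return (host, port) from a 227 reply, or None if it is not a usable PASV reply."""
    m = _PASV_RE.search(reply) if reply.startswith("227") else None
    if m is None:
        return None
    f = [int(x) for x in m.groups()]
    if max(f) > 255:
        return None
    return ".".join(map(str, f[:4])), f[4] * 256 + f[5]


class FtpControl:
    """Line-oriented FTP control channel over anything with sendall() and recv()."""
    def __init__(self, sock):
        self.sock, self.buf = sock, b""

    def _readline(self):
        while b"\r\n" not in self.buf:
            chunk = self.sock.recv(4096)
            if not chunk:
                raise EOFError("control connection closed")
            self.buf += chunk
        line, self.buf = self.buf.split(b"\r\n", 1)
        return line.decode("latin-1")

    def reply(self):
        """Read one reply; a multi-line reply ("ddd-...") ends at its "ddd " line."""
        line = self._readline()
        if line[3:4] == "-":
            code = line[:3]
            while not line.startswith(code + " "):
                line = self._readline()
        return line

    def cmd(self, line):
        self.sock.sendall((line + "\r\n").encode("latin-1"))
        return self.reply()


def root_writable(control, connect_data, name="nessus_test", payload=b"x"):
    """Try to STOR a small file in the current directory of a logged-in control
    channel; returns (writable, reason). The data connection is opened *before*
    STOR: sent first, STOR draws a 425 from many servers, which a naive check
    would misread as "not writable" (a false negative)."""
    pasv = control.cmd("PASV")
    target = parse_pasv_reply(pasv)
    if target is None:
        return False, "unparseable PASV reply: " + pasv
    data = connect_data(*target)          # live: socket.create_connection(target)
    try:
        r = control.cmd("STOR " + name)
        if r[:1] != "1":                  # 125/150: server accepts the transfer
            return False, "STOR refused: " + r
        data.sendall(payload)
    finally:
        data.close()
    r = control.reply()                   # 226 after the data connection closes
    if r[:3] != "226":
        return False, "transfer not completed: " + r
    control.cmd("DELE " + name)           # best-effort cleanup of the test file
    return True, "upload accepted"


class ScriptedSock:
    """Constructed stand-in for the control socket: replays canned server replies."""
    def __init__(self, script):
        self.script, self.pending = list(script), b""   # [(expected cmd, reply bytes)]

    def sendall(self, data):
        cmd = data.decode("latin-1").strip()
        expected, reply = self.script.pop(0)
        if not cmd.startswith(expected):
            raise AssertionError(f"expected {expected!r}, client sent {cmd!r}")
        self.pending += reply

    def recv(self, n):
        out, self.pending = self.pending[:n], self.pending[n:]
        return out


class NullData:
    """Constructed stand-in for the data socket; swallows the payload."""
    def sendall(self, data):
        pass

    def close(self):
        pass


def run_demo():
    """Replay three constructed server behaviours; returns {label: (writable, reason)}."""
    stor_replies = {
        "writable": b"150 Opening BINARY mode data connection.\r\n226 Transfer complete.\r\n",
        "denied": b"553 nessus_test: Permission denied.\r\n",
        "no_data_connection": b"425 Can't build data connection.\r\n",
    }
    results = {}
    for label, stor_reply in stor_replies.items():
        script = [("PASV", b"227 Entering Passive Mode (10,0,0,5,4,1)\r\n"), ("STOR", stor_reply)]
        if label == "writable":
            script.append(("DELE", b"250 DELE command successful.\r\n"))
        results[label] = root_writable(FtpControl(ScriptedSock(script)), lambda h, p: NullData())
    return results
```

Against a live server, wrap the logged-in control socket in FtpControl and pass `lambda h, p: socket.create_connection((h, p), timeout=5)` as connect_data; the returned reason string is what you want in a scan report (or a packet capture) when the verdict is "not writable", since it separates a real 550/553 refusal from a 425 or an unparseable PASV reply.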
Re: [2.0.3] ftp_root.nasl - still buggy plus other 2.0.3 weirdness
Hello,

> > pasv = ftp_get_pasv_port(socket:soc);
>
> Some ftp servers will yell at you if you send a STOR with no data
> connection already open, so commenting this command out would not fix
> the issue. Send me network traces please.

Which format would you like them in - I can send you libpcap / tcpdump
capture files if you'd like. Also, would you like me to post them to the
list, or directly mail to some address?

Once I know which format is suitable, I'll try to get these traces to you
ASAP.

> The solution slows a lot of things down, so I prefer to let those false
> positives go in at this time.

I understand. It's certainly not a big deal either way, since a
passwordless root account is a big enough problem by itself.

>
>
> > [oracle9iAS_slashdot_DoS.nasl]
> >
> > This script (oracle9iAS_slashdot_DoS.nasl) seems to do nothing! Shouldn't
> > it set a security hole or a kb item or SOMETHING when http_is_dead() is
> > true?
>
> Fixed, thanks.

Thank you :)

Brian Costello <btx@calyx.net>
Re: [2.0.3] ftp_root.nasl - still buggy plus other 2.0.3 weirdness
On Mon, Apr 14, 2003 at 03:50:32PM -0400, Brian Costello wrote:
> Hello,
>
> > > pasv = ftp_get_pasv_port(socket:soc);
> >
> > Some ftp servers will yell at you if you send a STOR with no data
> > connection already open, so commenting this command out would not fix
> > the issue. Send me network traces please.
>
> Which format would you like them in - I can send you libpcap / tcpdump
> capture files if you'd like. Also, would you like me to post them to the
> list, or directly mail to some address?

You can send them directly to me in libpcap format (make sure to do
tcpdump -s 1500 to capture whole packets)



Thanks,

-- Renaud