Greetings,
Against dead IPs, the "Cumulative Security Update for Outlook Express
(823353)" plugin is raising a security note that the hotfix could not
be verified. In the hotfix_missing function defined in
smb_hotfixes.inc, there is this chunk of code:
if ( report_verbosity > 0 )
{
note = "The presence of the hotfix " + name + " could not be verified.";
security_note(port:get_kb_item("SMB/transport"), data:note);
return -1;
}
The report_verbosity is set to whatever the default is. Regardless of
report_verbosity, should this method actually raise a security note if
the IP is dead? I don't know of a good solution other than removing
these lines from smb_hotfixes.inc.
Best regards,
Erik Stephens www.edgeos.com
Managed Vulnerability Assessment Services
Against dead IPs, the "Cumulative Security Update for Outlook Express
(823353)" plugin is raising a security note that the hotfix could not
be verified. In the hotfix_missing function defined in
smb_hotfixes.inc, there is this chunk of code:
if ( report_verbosity > 0 )
{
note = "The presence of the hotfix " + name + " could not be verified.";
security_note(port:get_kb_item("SMB/transport"), data:note);
return -1;
}
The report_verbosity is set to whatever the default is. Regardless of
report_verbosity, should this method actually raise a security note if
the IP is dead? I don't know of a good solution other than removing
these lines from smb_hotfixes.inc.
Best regards,
Erik Stephens www.edgeos.com
Managed Vulnerability Assessment Services