Mailing List Archive

MS04-035 plugin - false positive on XP workstation with SMTP component?
Hi,

I am using the mssmtp_code_execution.nasl plugin to scan our network. The script is identified by:
script_id(15464);
script_bugtraq_id(11374);
script_cve_id("CVE-2004-0840");
script_version ("$Revision: 1.1 $");
name["english"] = "MS SMTP Vulnerability (885881)";

It has correctly identified some Exchange servers, and also some other Windows systems with IIS 6.0 installed, which were indeed vulnerable. However, I am also getting a positive on some hosts which are Windows XP workstations with the SMTP component enabled. The port 25 banner is like this:

220 xxx.xxx.xxx.xxx Microsoft ESMTP MAIL Service, Version: 6.0.2600.2180 ready at Mon, 18 Oct 2004 11:29:49 +0200

The "2600" looks to me like a Windows XP workstation version of the component. This version string will obviously fail the check in this script, because it checks for versions < 6.0.3790 or < 6.0.3790.211.

However, I think this shouldn't fail, because in the MS04-035 bulletin I read:

Non-Affected Software:
(...)
- Microsoft Windows XP, Microsoft Windows XP Service Pack 1, and Microsoft Windows XP Service Pack 2
(...)
Tested Microsoft Windows and Exchange components:
(...)
- Microsoft Windows XP SMTP component, Microsoft Windows XP Service Pack 1 SMTP component, and Microsoft Windows XP Service Pack 2 SMTP component

Can anyone tell me if this is a false positive?

Regards,
Robbert Kouprie
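
The version comparison discussed in this post, as an added example (not code from the plugin or from the poster): a flat numeric comparison flags the 6.0.2600.2180 banner, while a check that looks at the build field first applies the 6.0.3790.211 threshold only to 3790-branch banners. The threshold and the reading of 2600 as the XP component come from the post; the function names, result labels and extra banners are constructed for illustration.

```python
import re

# Threshold as described in the post ("< 6.0.3790.211").
FIXED_3790 = (6, 0, 3790, 211)
# Assumption (the poster's reading): build 2600 marks the Windows XP SMTP component.
XP_BUILD = 2600
SRV2003_BUILD = 3790

BANNER_RE = re.compile(
    r"^220[ -].*Microsoft ESMTP MAIL Service, Version: (\d+)\.(\d+)\.(\d+)\.(\d+)\b"
)

def parse_version(banner):
    """Return (major, minor, build, revision) or None if the banner does not match."""
    m = BANNER_RE.match(banner.strip())
    return tuple(int(x) for x in m.groups()) if m else None

def naive_check(banner):
    """Flat comparison: any parsed version below the threshold is flagged."""
    v = parse_version(banner)
    return v is not None and v < FIXED_3790

def branch_aware_check(banner):
    """Compare against the threshold only inside the 3790 build branch."""
    v = parse_version(banner)
    if v is None:
        return "not-ms-smtp"
    branch = v[:3]
    if branch == (6, 0, SRV2003_BUILD):
        return "flag" if v < FIXED_3790 else "patched"
    if branch == (6, 0, XP_BUILD):
        return "xp-component"      # report separately, do not apply the 3790 threshold
    return "unknown-branch"        # needs its own threshold, never a silent pass or fail

# First banner is the one quoted in the post; the others are constructed samples.
SAMPLES = [
    "220 xxx.xxx.xxx.xxx Microsoft ESMTP MAIL Service, Version: 6.0.2600.2180 ready at Mon, 18 Oct 2004 11:29:49 +0200",
    "220 host.example Microsoft ESMTP MAIL Service, Version: 6.0.3790.0 ready",
    "220 host.example Microsoft ESMTP MAIL Service, Version: 6.0.3790.211 ready",
    "220 mail.example ESMTP Postfix",
]

if __name__ == "__main__":
    for b in SAMPLES:
        print(parse_version(b), naive_check(b), branch_aware_check(b))
```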