Hi,
Running this plugin on its own (with safe checks enabled) against a Win2K pro
host that does not have last Tuesday's updates applied causes a reproducible BSOD.
[Wed Jun 22 11:17:24 2005][31392] user nessus starts a new scan. Target(s) :
xxxx, with max_hosts = 15 and max_checks = 4
[Wed Jun 22 11:17:24 2005][31392] user nessus : testing xxxx (1.2.3.4) [31425]
[Wed Jun 22 11:17:24 2005][31425] user nessus : launching find_service.nes
against risk [31426]
[Wed Jun 22 11:17:25 2005][31425] find_service.nes (process 31426) finished
its job in 0.195 seconds
[Wed Jun 22 11:17:25 2005][31425] user nessus : launching cifs445.nasl against
risk [31427]
[Wed Jun 22 11:17:25 2005][31425] cifs445.nasl (process 31427) finished its
job in 0.422 seconds
[Wed Jun 22 11:17:25 2005][31425] user nessus : launching
netbios_name_get.nasl against risk [31428]
[Wed Jun 22 11:17:25 2005][31425] netbios_name_get.nasl (process 31428)
finished its job in 0.104 seconds
[Wed Jun 22 11:17:25 2005][31425] user nessus : launching
smb_nativelanman.nasl against risk [31429]
[Wed Jun 22 11:17:25 2005][31425] smb_nativelanman.nasl (process 31429)
finished its job in 0.138 seconds
[Wed Jun 22 11:17:25 2005][31425] user nessus : launching smb_kb896422.nasl
against risk [31430]
[Wed Jun 22 11:17:55 2005][31425] smb_kb896422.nasl (process 31430) finished
its job in 30.195 seconds
[Wed Jun 22 11:17:55 2005][31425] Finished testing risk. Time : 31.18 secs
[Wed Jun 22 11:17:55 2005][31392] user nessus : test complete
[Wed Jun 22 11:17:56 2005][31392] user nessus : Kept alive connection
[Wed Jun 22 11:23:41 2005][31392] Communication closed by client
The host dies just after 11:17:25.
The version of this plugin that checks the registry correctly identifies that
the fix for MS05-027 is missing.
I can provide an export of HKLM\SOFTWARE\Microsoft\Updates\Windows 2000
if the authors want to check the exact list of patches applied. I believe
all SPs and security updates except the ones released last Tuesday have
been installed.
I would suggest changing the category of this plugin to destructive...
Regards,
--
Hubert Seiwert
Internet Security Specialist, Westpoint Ltd
Albion Wharf, 19 Albion Street, Manchester M1 5LN, United Kingdom
Web: www.westpoint.ltd.uk
Tel: +44-161-2371028
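
A triage sketch for the log quoted above, added here as an example and not part of the original message or of Nessus: it pairs each plugin's launch and finish lines by process id and flags runtimes far above the scan's median, or plugins that never logged a finish. The function names and the thresholds (`factor`, `floor`) are assumptions, and the sample input is the quoted log with the mail line-wrapping undone.

```python
import re
from statistics import median

# Constructed sample: the plugin lines from the log quoted above,
# with the mail client's line-wrapping undone.
SAMPLE_LOG = """\
[Wed Jun 22 11:17:24 2005][31425] user nessus : launching find_service.nes against risk [31426]
[Wed Jun 22 11:17:25 2005][31425] find_service.nes (process 31426) finished its job in 0.195 seconds
[Wed Jun 22 11:17:25 2005][31425] user nessus : launching cifs445.nasl against risk [31427]
[Wed Jun 22 11:17:25 2005][31425] cifs445.nasl (process 31427) finished its job in 0.422 seconds
[Wed Jun 22 11:17:25 2005][31425] user nessus : launching netbios_name_get.nasl against risk [31428]
[Wed Jun 22 11:17:25 2005][31425] netbios_name_get.nasl (process 31428) finished its job in 0.104 seconds
[Wed Jun 22 11:17:25 2005][31425] user nessus : launching smb_nativelanman.nasl against risk [31429]
[Wed Jun 22 11:17:25 2005][31425] smb_nativelanman.nasl (process 31429) finished its job in 0.138 seconds
[Wed Jun 22 11:17:25 2005][31425] user nessus : launching smb_kb896422.nasl against risk [31430]
[Wed Jun 22 11:17:55 2005][31425] smb_kb896422.nasl (process 31430) finished its job in 30.195 seconds
"""

LAUNCH = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\[\d+\] user \S+ : launching (?P<plugin>\S+) "
    r"against \S+ \[(?P<pid>\d+)\]$")
FINISH = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\[\d+\] (?P<plugin>\S+) \(process (?P<pid>\d+)\) "
    r"finished its job in (?P<secs>[\d.]+) seconds$")


def plugin_runs(log_text):
    """Pair 'launching' and 'finished' lines by plugin process id."""
    started, runs = {}, []
    for line in log_text.splitlines():
        line = line.strip()
        if m := LAUNCH.match(line):
            started[m["pid"]] = (m["plugin"], m["ts"])
        elif m := FINISH.match(line):
            plugin, launched = started.pop(m["pid"], (m["plugin"], None))
            runs.append({"plugin": plugin, "launched": launched,
                         "seconds": float(m["secs"])})
    # Plugins that were launched but never logged a finish line.
    unfinished = [{"plugin": p, "launched": ts, "seconds": None}
                  for p, ts in started.values()]
    return runs, unfinished


def suspects(log_text, factor=20.0, floor=5.0):
    """Flag runs far above the scan's median runtime (assumed thresholds)."""
    runs, unfinished = plugin_runs(log_text)
    if not runs:
        return unfinished
    base = median(r["seconds"] for r in runs)
    slow = [r for r in runs if r["seconds"] >= max(floor, factor * base)]
    return slow + unfinished
```

On the sample, the only flagged run is smb_kb896422.nasl, launched at 11:17:25 and finishing 30.195 seconds later, which matches the time the host is reported to die.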