Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Nessus>
  3. plugins
finger_0.nsal FN
quick at pentest
Oct 19, 2005, 9:27 PM
Post #1 of 2 (942 views)
Permalink
Hi

I guess finger_0.nasl plugin may produces false negative.
If I execute "finger 0@xxx.xxx.xxx.xxx" command against solaris 8 box,
I got the folloing result and got some user account name.

bash-2.05b# finger 0@xxx.xxx.xxx.xxx
[xxx.xxx.xxx.xxx]
Login Name TTY Idle When Where
daemon ??? < . . . . >
bin ??? < . . . . >
sys ??? < . . . . >
test1 ??? < . . . . >
oracle ??? < . . . . >

but I execute "nasl -t xxx.xxx.xx.xxx finger_0.nasl"
I got nothing because this plugin checks if the returning string contain ??? or not.

_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers
Re: finger_0.nsal FN [ In reply to ]
theall at tenablesecurity
Oct 21, 2005, 4:10 AM
Post #2 of 2 (896 views)
Permalink
On Thu, Oct 20, 2005 at 01:27:40PM +0900, quick@pentest.razor.jp wrote:

> I guess finger_0.nasl plugin may produces false negative.

I changed the plugin so it now reports only if it finds selected
usernames, which should eliminate this type of false positive issue. The
revised plugin should be available through nessus-update-plugins in an
hour or two. Let me know please if that does not fix the issue.

George
--
theall@tenablesecurity.com
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal