Hi,
this plugin matches the ftp banner using the following:
if (egrep(pattern:"WS_FTP Server ([0-4]\.|5\.0\.[0-2][^0-9])", string: banner))
So this will fire on 5.0.0, 5.0.1, 5.0.2 but not 5.0.3 or 5.0.4.
According to http://www.securityfocus.com/bid/11065/ (which is one of the refs
listed in the nasl), 5.0.3 and 5.0.4 (excluding 5.0.4 hotfix 1) are vulnerable.
Suggested bugfix would be
if (egrep(pattern:"WS_FTP Server ([0-4]\.|5\.0\.[0-4][^0-9])", string: banner))
If 5.0.4 Hotfix 1 has a different banner it should be excluded of course...
--
Hubert Seiwert
Internet Security Specialist, Westpoint Ltd
Albion Wharf, 19 Albion Street, Manchester M1 5LN, United Kingdom
Web: www.westpoint.ltd.uk
Tel: +44-161-2371028
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers
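
The following regression check is an added example, not part of the original message or of the Nessus plugin. It runs the current and the suggested pattern from the message over constructed banners to show which versions each one misses. Python's re module stands in for NASL's egrep(), and the banner layout, hostname and build id are assumptions.

```python
import re

# Both patterns are copied from the message; Python's re stands in for NASL's egrep().
CURRENT = r"WS_FTP Server ([0-4]\.|5\.0\.[0-2][^0-9])"
SUGGESTED = r"WS_FTP Server ([0-4]\.|5\.0\.[0-4][^0-9])"

# Constructed banner layout: hostname and build id are made up for this example.
BANNER = "220 ftp.example.test X2 WS_FTP Server {} (0000000000)\r\n"

# (version, should the plugin flag it?) True covers the majors the pattern
# already targets plus 5.0.0-5.0.4 as stated in the message; the False rows
# are constructed controls outside that range.
CASES = [
    ("4.0.2", True), ("5.0.0", True), ("5.0.2", True),
    ("5.0.3", True), ("5.0.4", True),
    ("5.0.5", False), ("5.0.10", False), ("5.1.0", False),
]

def flags(pattern, banner):
    """True if the banner would trigger the plugin's version check."""
    return re.search(pattern, banner) is not None

def missed(pattern):
    """Versions that should be flagged but are not (false negatives)."""
    return [v for v, vuln in CASES if vuln and not flags(pattern, BANNER.format(v))]

def false_hits(pattern):
    """Control versions that get flagged anyway (false positives)."""
    return [v for v, vuln in CASES if not vuln and flags(pattern, BANNER.format(v))]

if __name__ == "__main__":
    for name, pat in (("current", CURRENT), ("suggested", SUGGESTED)):
        print(f"{name:9} missed={missed(pat)} false_hits={false_hits(pat)}")
    # [^0-9] must consume one character, so a string that stops right after
    # the patch digit is not matched by either pattern.
    print("bare 5.0.4 flagged:", flags(SUGGESTED, "WS_FTP Server 5.0.4"))
```

The trailing [^0-9] is what keeps 5.0.10 from being read as 5.0.1. Neither pattern can separate 5.0.4 from 5.0.4 Hotfix 1 if both report the same version string in the banner.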