Mailing List Archive

serv-u plugin does not seem to be working
List,
I think plug-in ftp_servu_overflow.nasl is not
working correctly ( script_id 12037 )

I have run a scan against a server running Serv-U version 2.5 and it
did not show up in the report.
I am able to ftp to the server from the nessus scanner:

220-Serv-U FTP-Server v2.5n for WinSock ready...
220-Welcome to WWW-ESD's FTP Server.
220-The privileges for anonymous FTP users are:

and the version seems to be vulnerable.

I have also tried running the plug-in manually:
/opt/nessus/bin/nasl -t 192.86.99.1 /opt/nessus/lib/nessus/plugins/ftp_servu_overflow.nasl

any help would be greatly appreciated.

--
--Yarick Tsagoyko

Advisory Notice: Email is covered by the Electronic Communications
Privacy Act and is legally privileged, but inherently insecure.
Content may be subject to alteration: email addresses may incorrectly
identify the sender. This email transmission, and any documents,
files, or previous email messages attached to it may be privileged and
confidential, and are intended only for the use of the recipient(s)
named in the address field. If the reader of this message is not an
intended recipient, or the employee or agent responsible to deliver it
to the recipient, you are hereby notified that any dissemination,
distribution, or copying of this message or its contents is strictly
prohibited. If you have received this message in error, please notify
me by telephone or return email and delete it and any attachments from
your computer. Thank you.
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
Re: serv-u plugin does not seem to be working
On Dec 30, 2008, at 3:05 PM, YARICK wrote:

> I think plug-in ftp_servu_overflow.nasl is not
> working correctly ( script_id 12037 )
>
> I have run a scan against a server running Serv-U version 2.5 and it
> did not show up in the report.
> I am able to ftp to the server from the nessus scanner:
>
> 220-Serv-U FTP-Server v2.5n for WinSock ready...
> 220-Welcome to WWW-ESD's FTP Server.
> 220-The privileges for anonymous FTP users are:
>
> and the version seems to be vulnerable.

Thanks for the heads-up, Yarick. The plugin expects banners to have
the string "Serv-U FTP Server". I'll update the plugin shortly to
handle the banner you report.

George
--
theall@tenablesecurity.com



Re: serv-u plugin does not seem to be working
List, can anybody confirm 2.5n is in fact vulnerable?
Thank you.

On Tue, Dec 30, 2008 at 4:19 PM, George A. Theall
<theall@tenablesecurity.com> wrote:
> On Dec 30, 2008, at 3:05 PM, YARICK wrote:
>
>> I think plug-in ftp_servu_overflow.nasl is not
>> working correctly ( script_id 12037 )
>>
>> I have run a scan against a server running Serv-U version 2.5 and it
>> did not show up in the report.
>> I am able to ftp to the server from the nessus scanner:
>>
>> 220-Serv-U FTP-Server v2.5n for WinSock ready...
>> 220-Welcome to WWW-ESD's FTP Server.
>> 220-The privileges for anonymous FTP users are:
>>
>> and the version seems to be vulnerable.
>
> Thanks for the heads-up, Yarick. The plugin expects banners to have
> the string "Serv-U FTP Server". I'll update the plugin shortly to
> handle the banner you report.
>
> George
> --
> theall@tenablesecurity.com



--
--Yarick Tsagoyko

Re: serv-u plugin does not seem to be working
On Dec 30, 2008, at 6:17 PM, YARICK wrote:

> List, can anybody confirm 2.5n is in fact vulnerable ?

According to the first link referenced in the plugin, which points to
a Bugtraq posting, all versions prior to 4.2 are affected by the
overflow involving the "SITE CHMOD" command.

Alternatively, if you are working in a lab or willing to risk crashing
the particular service, you could supply valid credentials and disable
safe checks when running a scan with the plugin in question.

George
--
theall@tenablesecurity.com
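
Added example, not part of the thread and not the plugin's NASL code: the false negative discussed above came from matching one literal banner string, so this Python sketch parses the greeting tolerantly and applies the "prior to 4.2" cutoff cited from the Bugtraq posting. The function names are hypothetical, and any banner other than the one quoted in the thread is constructed for illustration.

```python
import re

# Accepts both "Serv-U FTP Server" and "Serv-U FTP-Server", followed by a
# version such as "v2.5n" or "v4.1.0.3" (a trailing letter is a build suffix).
BANNER_RE = re.compile(r"Serv-U FTP[ -]Server v(\d+(?:\.\d+)*)([a-z]?)", re.IGNORECASE)

STRICT_LITERAL = "Serv-U FTP Server"  # the string the thread says the plugin expected
FIXED_IN = (4, 2)                     # thread: "all versions prior to 4.2 are affected"

# Greeting quoted in the thread (first two lines).
THREAD_BANNER = (
    "220-Serv-U FTP-Server v2.5n for WinSock ready...\r\n"
    "220-Welcome to WWW-ESD's FTP Server.\r\n"
)


def strict_match(banner):
    """Literal substring test, the style of check that missed the reported host."""
    return STRICT_LITERAL in banner


def parse_banner(banner):
    """Return (version_tuple, suffix) from a 220 greeting, or None if not Serv-U."""
    for line in banner.splitlines():
        if not line.startswith("220"):
            continue  # only greeting lines carry the product banner
        m = BANNER_RE.search(line)
        if m:
            version = tuple(int(part) for part in m.group(1).split("."))
            return version, m.group(2).lower()
    return None


def banner_verdict(banner):
    """Banner-only verdict: 'affected', 'not-affected' or 'not-servu'."""
    parsed = parse_banner(banner)
    if parsed is None:
        return "not-servu"
    version, _suffix = parsed
    # Tuple comparison: (2, 5) < (4, 2); (4, 2) and (4, 2, 0, 1) are not below it.
    return "affected" if version < FIXED_IN else "not-affected"


if __name__ == "__main__":
    print("strict literal matches:", strict_match(THREAD_BANNER))
    print("parsed:", parse_banner(THREAD_BANNER))
    print("verdict:", banner_verdict(THREAD_BANNER))
```

A banner-based verdict only reflects what the server announces; banners can be edited by the administrator, so a non-match is not proof the host is unaffected.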


