Hi,
Looking at [..path]/nessus/logs/nessusd.messages is sometimes better than
verbose option.
Warm Regards
Nitin Shingari
nvshingari@ipolicynetworks.com
-----Original Message-----
From: nessus-bounces@list.nessus.org [mailto:nessus-bounces@list.nessus.org] On
Behalf Of nessus-request@list.nessus.org
Sent: Monday, November 20, 2006 10:30 PM
To: nessus@list.nessus.org
Subject: Nessus Digest, Vol 37, Issue 18
Send Nessus mailing list submissions to
nessus@list.nessus.org
To subscribe or unsubscribe via the World Wide Web, visit
http://mail.nessus.org/mailman/listinfo/nessus
or, via email, send a message with subject or body 'help' to
nessus-request@list.nessus.org
You can reach the person managing the list at
nessus-owner@list.nessus.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Nessus digest..."
Today's Topics:
1. Re: Nessus plugins update failure (Ferdy Riphagen)
2. Nessus Scans host without any plugins and port scanners
selected. (tech tech)
3. Application Fingerprinting & Reporting (Asthana, Vishal)
4. Re: Relating CVE IDs in Nessus Plugins (Shingari, Nitin V.)
5. Re: Need assistance in testing Nessus (George A. Theall)
6. Plugin ID : 10930 Question (jfvanmeter@comcast.net)
7. Re: Export/Import Policies with Nessus Windows (George A. Theall)
8. Re: losing configuration (listening interface) when updating
Nessus3 (Renaud Deraison)
9. Re: Nessusd 3.0.3 not updating every 24 hours (George A. Theall)
10. Re: Application Fingerprinting & Reporting (Doug Nordwall)
11. Re: Nessus plugins update failure (George A. Theall)
----------------------------------------------------------------------
Message: 1
Date: Sun, 19 Nov 2006 18:51:11 +0100
From: Ferdy Riphagen <f.riphagen@nsec.nl>
Subject: Re: Nessus plugins update failure
To: nessus@list.nessus.org
Message-ID: <4560998F.4070702@nsec.nl>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
try running it as ./nessus-update-plugins -vv (or sh -x
nessus-update-plugins)
too see more info on possible errors.
--Ferdy--
BCC wrote:
> Currently running Nessus 2.2.8
>
> Whenever I try updating the plugins by running
> sh nessus-update-plugins
>
> I get the error error
> Something went wrong when installing the plugins - uncompressing the
> plugins archive failed.
>
> Is there a solution to this problem which seems to prevalent with
> users other than those who have the 3.0 subscription version of nessus?
>
> _______________________________________________
> Nessus mailing list
> Nessus@list.nessus.org
> http://mail.nessus.org/mailman/listinfo/nessus
>
>
>
------------------------------
Message: 2
Date: Mon, 20 Nov 2006 04:48:09 +0000 (GMT)
From: tech tech <techgroupmails@yahoo.com>
Subject: Nessus Scans host without any plugins and port scanners
selected.
To: nessus@list.nessus.org
Message-ID: <20061120044809.51779.qmail@web58616.mail.re3.yahoo.com>
Content-Type: text/plain; charset=iso-8859-1
hi..
Nessus: Version 3.0.3
OS: linux
Nessus Client: NessusWX 1.4.5
The problem is that nessus scans host even if any of
the plugins.. port scanners are not selected..
i disabled all the options, disabled all port scanners
as well as pluging. even then scan gets complete and
showing all the vulnerabilities.
What could be the problem..
Thanks
Send instant messages to your online friends http://uk.messenger.yahoo.com
------------------------------
Message: 3
Date: Mon, 20 Nov 2006 11:51:54 +0530
From: "Asthana, Vishal" <vasthana@ipolicynetworks.com>
Subject: Application Fingerprinting & Reporting
To: <nessus@list.nessus.org>
Message-ID:
<D269C7CBDF116A48982D4DC51F111BE3026D9E62@nsezhpmail01.india.ipolicynet.com>
Content-Type: text/plain; charset="us-ascii"
Hi,
Is there any Nessus plugin that helps report Application names and
versions e.g. Internet Explorer, Yahoo, Firefox etc? There are
Application DETECTION plugins for the same but the post-scan operation
does not report the specific Application installed. It only reports FTP
Server, Web Server, Oracle Listener etc.
I have already referred to the following old threads and ensured that
find_service.nes was part of the scan.
http://mail.nessus.org/mailman/htdig/nessus/2004-February/msg00302.html
http://mail.nessus.org/mailman/htdig/nessus/2004-February/msg00218.html
I have also tried using Nmap scanner instead of the Nessus TCP scanner
with the same results.
http://www.nessus.org/documentation/index.php?doc=nmap-usage
Any pointers would be helpful.
Thanks
Vishal
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://mail.nessus.org/pipermail/nessus/attachments/20061120/f2fae9cd/attachment.html
------------------------------
Message: 4
Date: Mon, 20 Nov 2006 16:53:31 +0530
From: "Shingari, Nitin V." <nvshingari@ipolicynetworks.com>
Subject: Re: Relating CVE IDs in Nessus Plugins
To: <nessus@list.nessus.org>
Message-ID:
<D269C7CBDF116A48982D4DC51F111BE3022F351B@nsezhpmail01.india.ipolicynet.com>
Content-Type: text/plain; charset=US-ASCII
Hi George,
Coincidently there is only One such plug-in.
Namely: smb_nt_ms04-011.nasl
Warm Regards
Nitin Shingari
nvshingari@ipolicynetworks.com
-----Original Message-----
From: nessus-bounces@list.nessus.org
[mailto:nessus-bounces@list.nessus.org] On Behalf Of
nessus-request@list.nessus.org
Sent: Tuesday, November 14, 2006 10:30 PM
To: nessus@list.nessus.org
Subject: Nessus Digest, Vol 37, Issue 12
Send Nessus mailing list submissions to
nessus@list.nessus.org
To subscribe or unsubscribe via the World Wide Web, visit
http://mail.nessus.org/mailman/listinfo/nessus
or, via email, send a message with subject or body 'help' to
nessus-request@list.nessus.org
You can reach the person managing the list at
nessus-owner@list.nessus.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Nessus digest..."
Today's Topics:
1. Nessus 3 logging.. (Paul Hanson)
2. any news on profilesRe: Plugin 16192 (Darko Gavrilovic)
3. flash install left part of old version behind (Bob Babcock)
4. Re: flash install left part of old version behind
(George A. Theall)
5. ms msde sql database server version detected incorrectly
(Ward Taylor)
6. False negatives? (felix lin)
7. Relating CVE IDs in Nessus Plugins (Shingari, Nitin V.)
8. Re: False negatives? (George A. Theall)
9. Re: Nessus 3 logging.. (George A. Theall)
10. Re: Information about this scan (George A. Theall)
11. Re: Relating CVE IDs in Nessus Plugins (George A. Theall)
12. Inconsistent results for VNC (Bob Babcock)
13. Re: Inconsistent results for VNC (Michel Arboi)
14. Re: Inconsistent results for VNC (Michel Arboi)
----------------------------------------------------------------------
Message: 1
Date: Mon, 13 Nov 2006 10:40:16 -0600
From: "Paul Hanson" <phanson@us.checkpoint.com>
Subject: Nessus 3 logging..
To: <nessus@list.nessus.org>
Message-ID: <004501c70742$66869340$7292e4d8@ad.checkpoint.com>
Content-Type: text/plain; charset="us-ascii"
Does nessus 3.0 allow for logging of results directly into a MySql
database?
I now various clients support this, but does the server or nesssusd
support
this? It would definitely be nice to fire off cron jobs for scheduled
tests
and then mine a mysql database for reports.
Thanks,
Paul
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://mail.nessus.org/pipermail/nessus/attachments/20061113/8cd6cbd2/at
tachment.html
------------------------------
Message: 2
Date: Mon, 13 Nov 2006 14:13:09 -0500
From: Darko Gavrilovic <darko.gavrilovic@utoronto.ca>
Subject: any news on profilesRe: Plugin 16192
Cc: nessus@list.nessus.org
Message-ID: <4558C3C5.5070404@utoronto.ca>
Content-Type: text/plain; charset=ISO-8859-1
Hi, I snooped through the list archives and web site. Can't seem to
see an update on the pofiles quesitons? Are profiles implemented? Will
they be?
What I would like to do is save plugin combinations with which to scan
hosts. The goal of this is to reduce the length of the reports and make
it a little more presentable to non-techs.
cheers,
dg
------------------------------
Message: 3
Date: Mon, 13 Nov 2006 15:24:58 -0500 (EST)
From: Bob Babcock <rbabcock@cfa.harvard.edu>
Subject: flash install left part of old version behind
To: nessus@list.nessus.org
Message-ID: <200611132024.kADKOwXc028005@cfa0.cfa.harvard.edu>
Scanning a win/xp machine with Windows Nessus, plugin 11952 says the
flash
version is older than 7.0.19.0, but Shavlik says the version is
7.0.68.0.
Looking closer, I find
flash7a.ocx 7.0.68.0
flash.ocx 6.0.79.0
in \windows\system32\macromed\flash. Looks like the install of version
7
didn't remove all of version 6 and the plugin is seeing the old version.
(I modified the plugin to display the version number and got 6.0.79.0.)
The registry entry at
HKEY_LOCAL_MACHINE\SOFTWARE\Macromedia\FlashPlayer\CurrentVersion says
7,0,68,0. Unless there's some way the old, vulnerable flash can be
triggered, I think the plugin should ignore the old file.
------------------------------
Message: 4
Date: Mon, 13 Nov 2006 17:17:07 -0500
From: "George A. Theall" <theall@tenablesecurity.com>
Subject: Re: flash install left part of old version behind
To: nessus@list.nessus.org
Message-ID: <4558EEE3.5030102@tenablesecurity.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
On Mon, Nov 13, 2006 at 03:24:58PM -0500, Bob Babcock wrote:
> Scanning a win/xp machine with Windows Nessus, plugin 11952 says the
flash
> version is older than 7.0.19.0, but Shavlik says the version is
7.0.68.0.
> Looking closer, I find
> flash7a.ocx 7.0.68.0
> flash.ocx 6.0.79.0
> in \windows\system32\macromed\flash.
Thanks, I modified plugin #11952, which handles detection, to check for
flash7a.ocx before flash.ocx; that should correct this issue.
The change should be available via nessus-update-plugins later tonight.
George
--
theall@tenablesecurity.com
------------------------------
Message: 5
Date: Mon, 13 Nov 2006 16:58:57 -0600
From: Ward Taylor <wardtayl@st-tel.net>
Subject: ms msde sql database server version detected incorrectly
To: nessus@list.nessus.org
Message-ID: <4558F8B1.8070403@st-tel.net>
Content-Type: text/plain; charset=ISO-8859-1
Hi
I find that plugin 11217 incorrectly identifies our msde databases as
being version 8.00.2039 when a "select @@version" on the server returns
8.00.2187. 2187 is the version that it should be with sp4 and hotfix
KB916287 applied. This is on a box with windows xp sp2, and also one
with windows 2000 server, same patches, same report from nessus.
Thanks a lot
------------------------------
Message: 6
Date: Mon, 13 Nov 2006 11:35:02 -0600
From: "felix lin" <rastapong2@gmail.com>
Subject: False negatives?
To: <nessus@list.nessus.org>
Message-ID: <005e01c7074a$0d5c8510$a5962fd8@felixbox>
Content-Type: text/plain; charset="us-ascii"
Running Nessus 3.0.0 on Fedora Core 4. It was working fine, but
recently
started giving false negatives. Specifically, it will only report
vulnerabilities for 11890 (Messenger Service). Using NessusWX client,
which
is telling me that it is scanning more than that port on each host.
Anybody else seen this before?
felix lin
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://mail.nessus.org/pipermail/nessus/attachments/20061113/9e8c05f6/at
tachment.htm
------------------------------
Message: 7
Date: Tue, 14 Nov 2006 11:11:18 +0530
From: "Shingari, Nitin V." <nvshingari@ipolicynetworks.com>
Subject: Relating CVE IDs in Nessus Plugins
To: <nessus@list.nessus.org>
Cc: "Shingari, Nitin V." <nvshingari@ipolicynetworks.com>
Message-ID:
<D269C7CBDF116A48982D4DC51F111BE3022F3510@nsezhpmail01.india.ipolicynet.
com>
Content-Type: text/plain; charset="us-ascii"
Hi,
In Nessus plug-ins CVE IDs are written in script_cve_id (...).
In some plug-ins few CVE IDs are mentioned with IF conditions like:
if(defined_func("script_xref"))script_xref(name:"CVE",
value:"CVE-2003-0533");
if(defined_func("script_xref"))script_xref(name:"CVE",
value:"CVE-2003-0663");
Can we relate CVE ID with the plug-in if it's mentioned in IF condition
but not in script_cve_id tag?
To make my question clearer, below is the small section of a plug-in:
------------------------------------------------------------------------
-----------------------------------------------------
#
# (C) Tenable Network Security
#
if(description)
{
script_id(12205);
script_bugtraq_id(10111, 10113, 10117, 10119, 10122, 10124, 10125);
script_cve_id( "CVE-2003-0907", "CVE-2003-0908", "CVE-2003-0909",
"CVE-2003-0910", "CVE-2004-0117",
"CVE-2004-0118", "CVE-2004-0119", "CVE-2004-0121");
if(defined_func("script_xref"))script_xref(name:"CVE",
value:"CVE-2003-0533");
if(defined_func("script_xref"))script_xref(name:"CVE",
value:"CVE-2003-0663");
if(defined_func("script_xref"))script_xref(name:"CVE",
value:"CVE-2003-0719");
if(defined_func("script_xref"))script_xref(name:"CVE",
value:"CVE-2003-0806");
if(defined_func("script_xref"))script_xref(name:"CVE",
value:"CVE-2003-0906");
if(defined_func("script_xref"))script_xref(name:"IAVA",
value:"2004-A-0006");
script_version("$Revision: 1.17 $");
------------------------------------------------------------------------
-----------------------------------------------------
In the above script "CVE-2003-0533", "CVE-2003-0663"... are not
mentioned in script_cve_id(...) so can we relate these CVE IDs with the
plug-in?
Warm Regards
Nitin Shingari
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://mail.nessus.org/pipermail/nessus/attachments/20061114/bc8dbca0/at
tachment.htm
------------------------------
Message: 8
Date: Tue, 14 Nov 2006 08:44:30 -0500
From: "George A. Theall" <theall@tenablesecurity.com>
Subject: Re: False negatives?
To: nessus@list.nessus.org
Message-ID: <4559C83E.7090101@tenablesecurity.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
On Mon, Nov 13, 2006 at 11:35:02AM -0600, felix lin wrote:
> Running Nessus 3.0.0 on Fedora Core 4. It was working fine, but
> recently started giving false negatives.
Do you know when the change occurred? What if anything changed in the
Nessus environment (eg, plugin updates, scan configs)? Have you looked
at Nessus' logs and/or KBs for the affected hosts to see if they contain
any clues?
> Specifically, it will only
> report vulnerabilities for 11890 (Messenger Service). Using NessusWX
> client, which is telling me that it is scanning more than that port on
> each host.
Have you verified that the remote hosts are still running additional
services that Nessus should pick up? Is the scanned running afoul of any
sort of IPS? Have you done a packet capture while running a scan to see
what traffic is being exchanged?
George
--
theall@tenablesecurity.com
------------------------------
Message: 9
Date: Tue, 14 Nov 2006 09:29:14 -0500
From: "George A. Theall" <theall@tenablesecurity.com>
Subject: Re: Nessus 3 logging..
To: nessus@list.nessus.org
Message-ID: <4559D2BA.8060405@tenablesecurity.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
On Mon, Nov 13, 2006 at 10:40:16AM -0600, Paul Hanson wrote:
> Does nessus 3.0 allow for logging of results directly into a MySql
> database?
No.
> I now various clients support this, but does the server or nesssusd
> support this? It would definitely be nice to fire off cron jobs for
> scheduled tests and then mine a mysql database for reports.
NessusWX can output results to a MySQL database, but that runs on
Windows and its support of commandline usage is lacking.
The Unix clients can generate SQL statements for the list of plugins on
a server as well as preferences but not results to a database.
You could look into saving results from the Unix commandline client as,
say, NBE, and then using that to populate your database. Inprotect,
http://www.inprotect.com/, is an open-source solution that reportedly
uses this approach.
Or you could go with Security Center,
http://www.tenablesecurity.com/products/sc.shtml, a commercial product
from Tenable.
George
--
theall@tenablesecurity.com
------------------------------
Message: 10
Date: Tue, 14 Nov 2006 10:00:49 -0500
From: "George A. Theall" <theall@tenablesecurity.com>
Subject: Re: Information about this scan
To: Nessus@list.nessus.org
Message-ID: <4559DA21.7050305@tenablesecurity.com>
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
On Sat, Nov 11, 2006 at 05:41:20PM +0100, p.0155 wrote:
> Hello everyone, I'm using the latest version of Nessus on Linux
(Fedora
> 5) and WindowsXP.
"Latest version" is confusing... there are currently two branches of
Nessus, 2.2.x and 3.x, and I woudln't be surprised if the latest
packaged version of Nessus for FC5 is not necessarily that same as what
we make available.
> Sometimes my reports displays "Information about this scan" and
> sometimes this information is missing, even if I use the same
> configuration, the same target, the same Nessus server and the same
> Nessus client.
> Can anybody tell me why?
Do you have KB saving enabled? If so, you may want to look at the
various associated settings.
George
--
theall@tenablesecurity.com
------------------------------
Message: 11
Date: Tue, 14 Nov 2006 10:29:02 -0500
From: "George A. Theall" <theall@tenablesecurity.com>
Subject: Re: Relating CVE IDs in Nessus Plugins
To: nessus@list.nessus.org
Message-ID: <4559E0BE.1060309@tenablesecurity.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
On Tue, Nov 14, 2006 at 11:11:18AM +0530, Shingari, Nitin V. wrote:
> In Nessus plug-ins CVE IDs are written in script_cve_id (...).
>
> In some plug-ins few CVE IDs are mentioned with IF conditions like:
> *if(defined_func("script_xref"))script_xref(name:"CVE",
> value:"CVE-2003-0533");*
>
> *if(defined_func("script_xref"))script_xref(name:"CVE",
> value:"CVE-2003-0663");*
>
> Can we relate *CVE ID *with the plug-in if it's mentioned in IF
> condition but not in *script_cve_id* tag?
Yes. Older versions of Nessus (pre 2.2.x, I believe) had issues if there
were more than 8 ids in a call to script_cve_id(). So if a plugin
corresponded to more than that, additional ones would be added using
script_xref(). The report should still lists all [unless you're running
with a version of Nessus that didn't support script_xref(), which is the
reason for the 'if(defined_func("script_xref"))'].
I'll adjust this particular plugin shortly to collect all the CVE ids
together since no one should be using Nessus 2.0 any longer. If you're
aware of any similar plugins, let me know please.
George
--
theall@tenablesecurity.com
------------------------------
Message: 12
Date: Tue, 14 Nov 2006 11:14:00 -0500 (EST)
From: Bob Babcock <rbabcock@cfa.harvard.edu>
Subject: Inconsistent results for VNC
To: nessus@list.nessus.org
Message-ID: <200611141614.kAEGE0mx004120@cfa0.cfa.harvard.edu>
I'm getting inconsistent results scanning with plugin 19288 (VNC
security
types). Scanning the same machines, I sometimes get:
The remote VNC server chose security type #0 (Invalid)
Any user can connect to it without authentication, and thus take
control of this machine.
and other times get:
The remote VNC server chose security type #2 (VNC authentication)
I'm scanning with Windows Nessus 3.0.4 build W306. Target machines are
Win/2K or Win/XP with RealVNC 3.3.7. I can make VNC connections to the
target machines using a password, and if I try to clear the password
with
this version of VNC, it says it won't accept connections with no
password.
I think I always get security type #0 for localhost.
------------------------------
Message: 13
Date: Tue, 14 Nov 2006 17:46:14 +0100
From: Michel Arboi <mikhail@nessus.org>
Subject: Re: Inconsistent results for VNC
To: rbabcock@cfa.harvard.edu
Cc: nessus@list.nessus.org
Message-ID: <m3u012nfhl.fsf@kissmedeadly.afraid.org>
Content-Type: text/plain; charset="us-ascii"
On Tue Nov 14 2006 at 17:14, Bob Babcock wrote:
> The remote VNC server chose security type #0 (Invalid)
> Any user can connect to it without authentication, and thus take
> control of this machine.
> and other times get:
[snip]
Try applying this patch (or wait for a while and run
nessus-update-plugins). The script should be more robust.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/x-patch
Size: 527 bytes
Desc: not available
Url :
http://mail.nessus.org/pipermail/nessus/attachments/20061114/550bca9f/at
tachment.bin
------------------------------
Message: 14
Date: Tue, 14 Nov 2006 17:58:59 +0100
From: Michel Arboi <mikhail@nessus.org>
Subject: Re: Inconsistent results for VNC
To: rbabcock@cfa.harvard.edu
Cc: nessus@list.nessus.org
Message-ID: <m3lkmenewc.fsf@kissmedeadly.afraid.org>
Content-Type: text/plain; charset=us-ascii
On Tue Nov 14 2006 at 17:46, Michel Arboi wrote:
> Try applying this patch
Oops. Forget it, I read the code too quickly.
No, the script was fine.
Security type 0 does not exist and should not be returned by a VNC
server. This is odd.
If possible, sniff the trafic...
------------------------------
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
End of Nessus Digest, Vol 37, Issue 12
**************************************
------------------------------
Message: 5
Date: Mon, 20 Nov 2006 09:03:47 -0500
From: "George A. Theall" <theall@tenablesecurity.com>
Subject: Re: Need assistance in testing Nessus
To: nessus@list.nessus.org
Message-ID: <4561B5C3.8010503@tenablesecurity.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
On Fri, Nov 17, 2006 at 02:29:03PM -0800, Christina Davis wrote:
> We have downloaded and installed the free version of Nessus 3 for Windows
> to test in our environment. It looks like it would be a useful tool for
> audit purposes. We are able to run port scans, but not retrieve windows
> user information using the Windows: user management plug in family. We were
> wondering if this is only available with the subscription, or are we
> missing something here..
Nessus 3 for Windows is distributed with checks in the "Windows : User
management" family. Even if you don't have a registered / direct feed,
you can still use them. As Tim Doty already mentioned, make sure you
provide credentials to log on to Windows machines remotely. With the
Windows server, you do this by first adding a new policy and then
editing the settings for credentials as discussed in our white paper here:
http://www.nessus.org/documentation/nessus_credential_checks.pdf
Btw, note that while you can technically continue to use the download,
you will not get any updates / new plugins that we write unless you
register or purchase a direct feed. And our compliance checks are only
available to direct feed customers.
George
--
theall@tenablesecurity.com
------------------------------
Message: 6
Date: Mon, 20 Nov 2006 14:55:09 +0000
From: jfvanmeter@comcast.net
Subject: Plugin ID : 10930 Question
To: nessus@list.nessus.org (Nessus)
Message-ID:
<112020061455.16678.4561C1CD00043EAA0000412622058863609D0A9B0A03020E900006@comcast.net>
Hello everyone
I have some concerns with a scan of a Windows 2003 SP1 Server running McAfee
ePolicy Orchestrtor client 3.5.5.438 the version of Nessus used is 3.0.3 Build
W334 with plug ins update today (Nov 20).
I recieve the following hole reported in both an administrative and a non
administrative scan
(8081/tcp)
It was possible to freeze or reboot Windows by reading a MS/DOS device through
HTTP, using a file name like CON\CON, AUX.htm or AUX.
A cracker may use this flaw to make your system crash continuously, preventing
you from working properly.
Solution: upgrade your system or use a HTTP server that filters those names
out.
Risk Factor : High
CVE : CVE-2001-0386, CVE-2001-0493, CVE-2001-0391, CVE-2001-0558,
CVE-2002-0200, CVE-2000-0168, CVE-2003-0016, CVE-2001-0602
BID : 1043, 2575, 2608, 2622, 2649, 2704, 3929, 6659, 6662
Plugin ID : 10930
It looks like plug in 10930 tries to enumerate a Apache < 2.0.44 CVE-2003-0016
- Apache before 2.0.44, when running on unpatched Windows 9x and Me operating
systems
Can anyone show/point me to a way that I can verify this manually? I believe
this is a false postive, but I believe ePolicy Orchestrtor using some version
of Apache I would like to find out. The server doesn't crash continuously
Telnet shows
HTTP/1.0
Server: Agent-ListenServer-HttpSvr/1.0
Date: Mon, 20 Nov 2006 12:54:16 GMT
Thanks in advance --John
------------------------------
Message: 7
Date: Mon, 20 Nov 2006 10:29:38 -0500
From: "George A. Theall" <theall@tenablesecurity.com>
Subject: Re: Export/Import Policies with Nessus Windows
To: nessus@list.nessus.org
Message-ID: <4561C9E2.20008@tenablesecurity.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
On Wed, Nov 15, 2006 at 04:39:04PM -0500, Steve_Mullen@dai.com wrote:
> I am running Nessus Windows 3.0.4 Build W306 installed on a Windows XP
> workstation. I am planning to install Nessus Windows on a Windows 2003
> Server and would like to export/import the policies I've created. Is
> there a way to do that?
Policies that you've created are stored in 'C:\Documents and
Settings\Administrator\Tenable\Nessus\config', with file type '.conf'.
You can copy them from one Windows server to another without any issues.
George
--
theall@tenablesecurity.com
------------------------------
Message: 8
Date: Mon, 20 Nov 2006 16:32:02 +0100
From: Renaud Deraison <deraison@nessus.org>
Subject: Re: losing configuration (listening interface) when updating
Nessus3
To: Nessus List <nessus@list.nessus.org>
Message-ID: <C8027B76-FABE-43EB-8976-C1833AB00523@nessus.org>
Content-Type: text/plain; charset=UTF-8; format=flowed
Hi Martin,
On Nov 12, 2006, at 9:28 PM, Martin MaÄ?ok wrote:
> I need to configure Nessus to listen only on loopback interface and
> the only way (afaik) to do it is editing nessusd startup script. Last
> time I upgraded from Nessus-3.0.2 to Nessus-3.0.4 I overlooked that
> the script was replaced and my Nessus server went accessible from the
> outside.
>
> I would like to be able to set listening interface and be sure that
> when Nessus is upgraded it keeps this configuration. Would it be
> possible to do at least one of the following?
> [...]
> 3) adding nessusd.conf option that sets interface nessusd will listen
> on
We'll add this one in Nessus 3.0.5.
Thanks,
-- Renaud
------------------------------
Message: 9
Date: Mon, 20 Nov 2006 11:32:46 -0500
From: "George A. Theall" <theall@tenablesecurity.com>
Subject: Re: Nessusd 3.0.3 not updating every 24 hours
To: nessus@list.nessus.org
Message-ID: <4561D8AE.6090007@tenablesecurity.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
On Fri, Nov 17, 2006 at 09:21:54AM -0500, Kelly, Jim wrote:
> Nessusd 3.0.3
> It is configured to update plugins every 24 hours, but as you can see
> from November's logs it isn't:
> [Wed Nov 1 08:46:53 2006][10796] nessusd-update: started. Will update
> plugins every 24 hours
> [Sun Nov 5 04:37:32 2006][12934] nessusd-update: started. Will update
> plugins every 24 hours
...
> Now I'm not sure what, if anything, I should be looking for in
> nessusd.dump. Can anyone tell me what could be causing this?
Was nessusd running during this time? [For example, what do you see if
you grep nessusd.messages for "started"?] Do you see "nessusd-update" in
the list of running processes while nessusd itself is running?
George
--
theall@tenablesecurity.com
------------------------------
Message: 10
Date: Mon, 20 Nov 2006 08:44:31 -0800
From: "Doug Nordwall" <raleel@gmail.com>
Subject: Re: Application Fingerprinting & Reporting
To: "Asthana, Vishal" <vasthana@ipolicynetworks.com>
Cc: nessus@list.nessus.org
Message-ID:
<752305c00611200844q4b1b5bebm4dbd9e96293a3724@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
Try using a credentialed check. Those will find local applications and tell
you versions. A non-credentialled check normally just hits the ports and can
often only tell version from the banners of externally listening
applications
On 11/19/06, Asthana, Vishal <vasthana@ipolicynetworks.com> wrote:
>
> Hi,
>
>
>
> Is there any Nessus plugin that helps report *Application names and
> versions* e.g. Internet Explorer, Yahoo, Firefox etc? There are
> Application *DETECTION* plugins for the same but the post-scan operation
> does not report the *specific Application installed*. It only reports FTP
> Server, Web Server, Oracle Listener etc.
>
>
>
> I have already referred to the following old threads and ensured that *
> find_service.nes* was part of the scan.
>
>
>
> http://mail.nessus.org/mailman/htdig/nessus/2004-February/msg00302.html
>
> http://mail.nessus.org/mailman/htdig/nessus/2004-February/msg00218.html
>
>
>
> I have also tried using *Nmap scanner* instead of the Nessus TCP scanner
> with the same results.
>
> http://www.nessus.org/documentation/index.php?doc=nmap-usage
>
>
>
> Any pointers would be helpful.
>
>
>
> Thanks
>
> Vishal
>
>
>
> _______________________________________________
> Nessus mailing list
> Nessus@list.nessus.org
> http://mail.nessus.org/mailman/listinfo/nessus
>
>
--
Doug Nordwall
Unix, Network, and Security Administrator
Noise proves nothing. Often a hen who has merely laid an egg cackles as if
she laid an asteroid. -- Mark Twain
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://mail.nessus.org/pipermail/nessus/attachments/20061120/ca44fb8e/attachment.htm
------------------------------
Message: 11
Date: Mon, 20 Nov 2006 11:45:33 -0500
From: "George A. Theall" <theall@tenablesecurity.com>
Subject: Re: Nessus plugins update failure
To: nessus@list.nessus.org
Message-ID: <4561DBAD.9070902@tenablesecurity.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
On Sun, Nov 19, 2006 at 11:18:15AM -0500, BCC wrote:
> Currently running Nessus 2.2.8
>
> Whenever I try updating the plugins by running
> sh nessus-update-plugins
>
> I get the error error
> Something went wrong when installing the plugins - uncompressing the
> plugins archive failed.
That error message suggests you have a version of Nessus older than
2.2.1 installed as well. Remove that or make sure you're calling the
nessus-update-plugins script from 2.2.8.
George
--
theall@tenablesecurity.com
------------------------------
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
End of Nessus Digest, Vol 37, Issue 18
**************************************
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
|