Nessus
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Plugin 11372

from [Nicolas Pouvesle] [Permanent Link][Original]
To: Nessus <nessus@list.nessus.org>
Subject: Re: Plugin 11372
From: Nicolas Pouvesle <npouvesle@tenablesecurity.com>
Date: Thu, 7 Dec 2006 15:27:24 +0100
Delivered-to: sp-com-lists@consult.net
Delivered-to: nessus-list1@securepoint.com
Delivered-to: nessus@list.nessus.org
In-reply-to: <9B71985304C4914AACE30A5BD6A08771351AEA@sumac.cfs.le.ac.uk>
List-archive: <http://mail.nessus.org/pipermail/nessus>
List-help: <mailto:nessus-request@list.nessus.org?subject=help>
List-id: Discussion of Nessus software <nessus.list.nessus.org>
List-post: <mailto:nessus@list.nessus.org>
List-subscribe: <http://mail.nessus.org/mailman/listinfo/nessus>, <mailto:nessus-request@list.nessus.org?subject=subscribe>
List-unsubscribe: <http://mail.nessus.org/mailman/listinfo/nessus>, <mailto:nessus-request@list.nessus.org?subject=unsubscribe>
References: <9B71985304C4914AACE30A5BD6A08771351AEA@sumac.cfs.le.ac.uk>
Sender: nessus-bounces@list.nessus.org 

On Dec 7, 2006, at 3:17 PM, Nelson, C.M. wrote:


Plugin 11372 reports this about a Mac OS X ftp sever:

"Buffer overflow in FTP server in HPUX 11 and previous allows remote
attackers to execute arbitrary commands by creating a long pathname and calling the STAT command which uses glob to generate long strings. *** 
Nessus reports this vulnerability using only *** information that was
gathered. Use caution *** when testing without safe checks enabled."

(Nessus identifies the target as Mac OS X 10.4.7, the ftp banner says
Mac OS X Server 10.5.5, however, the plugin refers to HPUX 11). Do HPUX and Mac OS X ftp servers have the same possible vulnerability or should 
this plugin alert be ignored for Mac OS X?
I see what could cause a FP. I disabled the safe checks for the moment until we found a better way to do that. 


Thanks,

Nicolas
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • Plugin 11372, Nelson, C.M.
    • Re: Plugin 11372, Nicolas Pouvesle <=
Previous by Date:  code d'activation nessus, aicha Founi
Next by Date:  Re: Plugin ID 17997, George A. Theall
Previous by Thread:  Plugin 11372, Nelson, C.M.
Next by Thread:  code d'activation nessus, aicha Founi
Indexes:  [Date] [Thread] [Top] [All Lists]