Re: FALSE POSITIVE

Nessus

Re: FALSE POSITIVE

To:	nessus <nessus@list.nessus.org>
Subject:	Re: FALSE POSITIVE
From:	Nicolas Pouvesle <npouvesle@tenablesecurity.com>
Date:	Mon, 4 Jun 2007 17:51:50 +0200
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	nessus-list1@securepoint.com
Delivered-to:	nessus@list.nessus.org
In-reply-to:	<169658C0C845EC438759DB8B8BC706540A0D9080@NOC-EXCH1.24hourfit.com>
List-archive:	<http://mail.nessus.org/pipermail/nessus>
List-help:	<mailto:nessus-request@list.nessus.org?subject=help>
List-id:	Discussion of Nessus software <nessus.list.nessus.org>
List-post:	<mailto:nessus@list.nessus.org>
List-subscribe:	<http://mail.nessus.org/mailman/listinfo/nessus>, <mailto:nessus-request@list.nessus.org?subject=subscribe>
List-unsubscribe:	<http://mail.nessus.org/mailman/listinfo/nessus>, <mailto:nessus-request@list.nessus.org?subject=unsubscribe>
References:	<169658C0C845EC438759DB8B8BC706540A0D9080@NOC-EXCH1.24hourfit.com>
Sender:	nessus-bounces@list.nessus.org


On Jun 4, 2007, at 5:10 PM, John Scherff wrote:

Plugin 25167 appears to be producing false-positives. This pluginis in the "Windows : Microsoft Bulletins" family and tests forMS07-028 (flaw in CAPICOM).
The scan was run against a freshly-installed, fully-patched Windows2003 R2 server with Citrix Presentation Server 4.5 installed.


Could you check the default value in the following registry key ?

value = SOFTWARE\Classes\CAPICOM.Certificates\CLSID

Then get the path in :

"SOFTWARE\Classes\CLSID\"+value+"\InprocServer32"

and finally check the version of the file pointed by the previousregistry key. If this version is smaller than 2.1.0.2 then yourserver is vulnerable (it is possible to access this activex).



Nicolas
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
FALSE POSITIVE, John Scherff Re: FALSE POSITIVE, Nicolas Pouvesle <= RE: FALSE POSITIVE, John Scherff RE: FALSE POSITIVE, John Scherff Re: FALSE POSITIVE, Nicolas Pouvesle RE: FALSE POSITIVE, John Scherff

Previous by Date:	Nessus for Itanium, Sterk, Klaus
Next by Date:	Re: Nessus 2.2.6 does no portscan with all plugins, Michel Arboi
Previous by Thread:	FALSE POSITIVE, John Scherff
Next by Thread:	RE: FALSE POSITIVE, John Scherff
Indexes:	[Date] [Thread] [Top] [All Lists]