[prev in list] [next in list] [prev in thread] [next in thread]
List: nessus
Subject: Re: two scripts generating uninformative messages
From: Pavel Kankovsky <peak () argo ! troja ! mff ! cuni ! cz>
Date: 2002-01-31 22:30:22
[Download RAW message or body]
On Thu, 31 Jan 2002, Hugo van der Kooij wrote:
> On Thu, 31 Jan 2002, Pavel Kankovsky wrote:
>
> > ftpglob.nasl:
> > when it cannot verify the vuln but sees a suspicious banner, it announces
> > "We weren't able to login into the ftp server but the banner indicates
> > that you might be running a vulnerable version: [BANNER]" and nothing
> > else
>
> What do you want added? And how will you obtain that information?
> I think the message is crystal clear and right on target. There is simmply
> no more information to be obtained.
It does not mention what kind of vulnerability it talks about. I don't
think people are expected to look up scripts by their id and deteremine
what was really tested (on a regular basis). :)
On Thu, 31 Jan 2002, Renaud Deraison wrote:
> These two plugins have already been modified in the CVS tree (a while
> ago) to actually report interesting messages.
Are you sure?
kazaa_morpheus_detect.nasl (CVS version 1.4):
report = string(desc["english"], "\n\n", buf);
security_hole(data:buf, port:port);
^^^
OTOH, ftpglob.nasl appears to be fixed. I'd say I checked the CVS
version. Must have been one of those days when I see things that
don't exist and vice versa... :)
--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic