[prev in list] [next in list] [prev in thread] [next in thread] 

List:       nessus
Subject:    Re: Nessus reports patches as missing
From:       "Gus Fritschie" <gfritschie () hotmail ! com>
Date:       2006-09-22 14:24:19
Message-ID: BAY118-F34F7A67C71425E69F991C5D5210 () phx ! gbl
[Download RAW message or body]

For example Add/Remove patches shows this patch installed on the 
workstation:
Windowsxp-kb893066

Nessus reported this vulnerability:

Synopsis :

Arbitrary code can be executed on the remote host due to a flaw in the
TCP/IP stack.

Description :

The remote host runs a version of Windows which has a flaw in its TCP/IP
stack.

The flaw may allow an attacker to execute arbitrary code with SYSTEM
privileges on the remote host, or to perform a denial of service attack
against the remote host.

Proof of concept code is available to perform a Denial of Service against
a vulnerable system.

Solution :

Microsoft has released a set of patches for Windows 2000, XP and 2003 :

http://www.microsoft.com/technet/security/bulletin/ms05-019.mspx

Risk factor :
High / CVSS Base Score : 9
(AV:R/AC:L/Au:NR/C:P/A:C/I:P/B:A)
CVE : CVE-2005-0048, CVE-2004-0790, CVE-2004-1060, CVE-2004-0230, 
CVE-2005-0688
BID : 13124, 13116
Other references : IAVA:2005-B-0011, IAVA:2005-B-0012
Nessus ID : 18023

If our patching process is not working correctly I want to notify 
operations, however, I want to be sure that this is not a false-positive.

Thanks!


>From: Renaud Deraison <deraison@nessus.org>
>To: Nessus List <nessus@list.nessus.org>
>Subject: Re: Nessus reports patches as missing
>Date: Fri, 22 Sep 2006 10:06:15 -0400
>
>
>On Sep 22, 2006, at 9:26 AM, Gus Fritschie wrote:
>
>>We ran Nessus with local Administrator rights on a Windows XP SP1  system. 
>>  It reports several patches as missing.  When looking at  add/remove 
>>programs the patch appears to be installed.  Is this a  false-positive?  
>>The patches are pushed out using Patchlink.
>
>Which patches are showing up exactly ?
>
>
>				-- Renaud
>
>
>_______________________________________________
>Nessus mailing list
>Nessus@list.nessus.org
>http://mail.nessus.org/mailman/listinfo/nessus


_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic