Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: nessus scan - epmap (135/tcp)
From: m sesser <security () sesser eu>
Date: Fri, 19 Dec 2008 16:34:56 +0100

hi,

thanks for all answers!

you're right - nessus is a bit outdated
but it's the standard package in my ubuntu repository

a small google research leads to the following nessus options:
uncheck: "optimize the test" and "Safe checks"
but my systems are still vulnerable on epmap (135/tcp)

i tested with metasploit: my systems are not vulnerable according to it.
for proof, i also tested a unpatched w2k sp4 server system in a vm.
--> exploit success

what about other (open source) security/vulnerability scanners?
openvas?

wmic is not available on w2k
can i simply copy the file(s) from a w2k3 system?

rgds,
markus


m sesser schrieb:
hi list,

some nessus scans have the following result:

Vulnerability found on port epmap (135/tcp)
 The remote host is running a version of Windows which has a flaw in
 its RPC interface which may allow an attacker to execute arbitrary code
 and gain SYSTEM privileges. There is at least one Worm which is
 currently exploiting this vulnerability. Namely, the MsBlaster worm.

Solution: see http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx
      Risk factor : High
      CVE : CAN-2003-0352
      BID : 8205
      Other references : IAVA:2003-A-0011
      Nessus ID : 11808



the microsoft link leads to a scanner which should show, if a system is patched or not:
http://support.microsoft.com/kb/827363/EN-US/

--> result: system is patched

C:KB824146Scan.exe <hostname>
Microsoft (R) KB824146 Scanner Version 1.00.0257 for 80x86
Copyright (c) Microsoft Corporation 2003. All rights reserved.
<+> Starting scan (timeout = 5000 ms)
Checking hostname
hostname: patched with both KB824146 (MS03-039) and KB823980 (MS03-0
<-> Scan completed
Statistics:
  Patched with both KB824146 (MS03-039) and KB823980 (MS03-026) .... 1
  Patched with only KB823980 (MS03-026) ............................ 0
  Unpatched ........................................................ 0
  TOTAL HOSTS SCANNED .............................................. 1

  DCOM Disabled .................................................... 0
  Needs Investigation .............................................. 0
  Connection refused ............................................... 0
  Host unreachable ................................................. 0
  Other Errors ..................................................... 0
  TOTAL HOSTS SKIPPED .............................................. 0
  TOTAL ADDRESSES SCANNED .......................................... 1


which tool is right?
is there a 3rd-party tool to test?
is nessus (2.2.9 ubuntu) state of the art?

thanks,
markus


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]