Re: Command Line RPC vulnerability scanner?

From: Michael Wright (mcwright_at_dbls.com)
Date: 07/30/03

  • Next message: VanMeter, John: "RE: Command Line RPC vulnerability scanner?" 
    Date: Wed, 30 Jul 2003 14:25:14 -0400
To: JAMIE CRAWFORD <crawford@cmsu1.cmsu.edu>, <incidents@securityfocus.com>

    Yes. ISS provides one for windows:

    "ISS X-Force has developed a tool to scan any specified IP range for
    systems vulnerable to the MS03-26 RPC vulnerability. The scanner
    is non-invasive. It does not need domain credentials to check for the
    patch, nor does it actually fire the exploit. The scanner uses two
    techniques to fingerprint the vulnerability based on behaviors that the
    MS03-026 patch has altered. The scanner also includes a primitive
    OS-ident feature.

    "We feel that this tool may prove to be more accurate that other free
    scanners that have been made available. For more information, please
    visit:"

    http://www.iss.net/support/product_utilities/ms03-026rpc.php

    Be sure to read the page. It isn't 100% accurate.

    On 7/29/03 5:16 PM, "JAMIE CRAWFORD" <crawford@cmsu1.cmsu.edu> wrote:

    > Does anyone know of a command line rpc vulnerability scanner for win32
    > or linux?
    > Tia,
    > jamie
    >
    >
    > Jamie Crawford, MCSE Network Analyst I
    > Information Services
    > Central Missouri State University
    > Warrensburg, MO 64093
    > Phone:6605434357
    > Email:CRAWFORD@CMSU1.CMSU.EDU
    >
    >
    > ---------------------------------------------------------------------------
    > ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------

  • Next message: VanMeter, John: "RE: Command Line RPC vulnerability scanner?"

    Relevant Pages

    • Re: What is being a pen tester really like?
      ... Nessus is a vulnerability scanner and using it to ... conduct a test is called a vulnerability assessment. ... Security experts recommend that an annual penetration test be ... This is NOT something Nessus does, ...
      (Pen-Test)
    • EEYE: BitDefender Online Scanner 8 Double Decode Heap Overflow
      ... BitDefender Online Scanner 8 Double Decode Heap Overflow ... BitDefender Online Anti-Virus Scanner 8.0 released on May 24th 2006. ... control from being initialized outside of an authorized domain. ... A remote vulnerability lies within a malformed request sent to ...
      (Bugtraq)
    • Re: MS05-039 Scanner
      ... the worm which made use of pnp bug has bring us lots of trubles,I thought the author of the worm ... Subject: MS05-039 Scanner ... vulnerable systems on a Class B network because really who has ... they cant truly give you a view of vulnerability within your Class B ...
      (Pen-Test)
    • Re: Scanners and unpublished vulnerabilities - Full Disclosure
      ... closer links between the scanner editors and the ... - Create a kind of "Ethical Vulnerability Find ... security scanner actors, ... reactivity (more and more important for customers). ...
      (Pen-Test)
    • Re: A small quandary
      ... >in the field or is it a deliberate attempt to gain access to my clients ... The first log entry was targeted at a vulnerability in the ... AHG Search Engine and, if successful, would have given the scanner the ... file on the target system could be retrieved. ...
      (Incidents)