Re: nessus scan - epmap (135/tcp)



What I recommend doing is looking into that Nessus plugin and reviewing the code
for what exactly it's looking at.

It could be seeing a reg entry, or a file version to base its claim on.
I had a similar problem in the past, so I changed the plugin that gave
me so many problems to look for something different based on my
environment. I still got a few false positives, but it did make life
much easier.





On Thu, Dec 18, 2008 at 8:43 AM, m sesser <security@xxxxxxxxx> wrote:
hi list,

some nessus scans have the following result:

Vulnerability found on port epmap (135/tcp)
The remote host is running a version of Windows which has a flaw in
its RPC interface which may allow an attacker to execute arbitrary code
and gain SYSTEM privileges. There is at least one Worm which is
currently exploiting this vulnerability. Namely, the MsBlaster worm.

Solution: see
http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx
Risk factor : High
CVE : CAN-2003-0352
BID : 8205
Other references : IAVA:2003-A-0011
Nessus ID : 11808



the Microsoft link leads to a scanner which should show whether a system is
patched or not:
http://support.microsoft.com/kb/827363/EN-US/

--> result: system is patched

C:KB824146Scan.exe <hostname>
Microsoft (R) KB824146 Scanner Version 1.00.0257 for 80x86
Copyright (c) Microsoft Corporation 2003. All rights reserved.
<+> Starting scan (timeout = 5000 ms)
Checking hostname
hostname: patched with both KB824146 (MS03-039) and KB823980 (MS03-0
<-> Scan completed
Statistics:
Patched with both KB824146 (MS03-039) and KB823980 (MS03-026) .... 1
Patched with only KB823980 (MS03-026) ............................ 0
Unpatched ........................................................ 0
TOTAL HOSTS SCANNED .............................................. 1

DCOM Disabled .................................................... 0
Needs Investigation .............................................. 0
Connection refused ............................................... 0
Host unreachable ................................................. 0
Other Errors ..................................................... 0
TOTAL HOSTS SKIPPED .............................................. 0
TOTAL ADDRESSES SCANNED .......................................... 1


which tool is right?
is there a 3rd-party tool to test?
is nessus (2.2.9 ubuntu) state of the art?

thanks,
markus

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------
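
As an added example (not part of the original thread and not code from either tool), this Python script parses the statistics block of KB824146Scan output laid out as in the post and classifies a Nessus 11808 finding for a single-host run. The function names and the three verdict labels are assumptions, and the sample input is constructed from the layout quoted above.

```python
import re

# Constructed sample: the statistics block in the layout shown in the post.
SAMPLE = """\
Statistics:
Patched with both KB824146 (MS03-039) and KB823980 (MS03-026) .... 1
Patched with only KB823980 (MS03-026) ............................ 0
Unpatched ........................................................ 0
TOTAL HOSTS SCANNED .............................................. 1

DCOM Disabled .................................................... 0
Needs Investigation .............................................. 0
Connection refused ............................................... 0
Host unreachable ................................................. 0
Other Errors ..................................................... 0
TOTAL HOSTS SKIPPED .............................................. 0
TOTAL ADDRESSES SCANNED .......................................... 1
"""

# A statistics line is "<label> <run of dots> <count>".
STAT_LINE = re.compile(r"^(?P<label>.+?)\s*\.{2,}\s*(?P<count>\d+)\s*$")


def parse_stats(text):
    """Return {label: count} for every 'label .... N' line in the output."""
    stats = {}
    for line in text.splitlines():
        m = STAT_LINE.match(line)
        if m:
            stats[m.group("label")] = int(m.group("count"))
    return stats


def assess_ms03_026(stats):
    """Classify a single-host run against a Nessus 11808 (MS03-026) finding."""
    # Both "Patched with ..." rows include KB823980, the MS03-026 fix.
    patched = sum(v for k, v in stats.items() if k.startswith("Patched with"))
    if stats.get("Unpatched", 0):
        return "confirmed"              # both tools say the fix is missing
    if stats.get("TOTAL HOSTS SKIPPED", 0) or not patched:
        return "inconclusive"           # scanner never reached a verdict
    return "likely-false-positive"      # next step: read the plugin's check


if __name__ == "__main__":
    print(assess_ms03_026(parse_stats(SAMPLE)))
```

A host counted under the skipped rows (DCOM disabled, connection refused and so on) was never actually checked, so the script does not treat it as evidence that the Nessus finding is wrong.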


