Your message dated Sat, 29 Aug 2009 10:00:13 +0100
with message-id <[email protected]>
and subject line Package nessus-plugins has been removed from Debian
has caused the Debian Bug report #143106,
regarding Null passwords might not be considered as a security hole.
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
143106: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=143106
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: nessus-plugins
Severity: normal
Tags: patch
Hi
I have a small patch that makes the smb-login code a bit
better at determine if it is a security hole or not. In most
cases NULL passwords for a computer is not a security hole. The
security hole is if it can access more than just the machine.
The patch is attached.
Regards,
// Ola
--
--------------------- Ola Lundqvist ---------------------------
/ [email protected] Björnkärrsgatan 5 A.11 \
| [email protected] 584 36 LINKÖPING |
| +46 (0)13-17 69 83 +46 (0)70-332 1551 |
| http://www.opal.dhs.org UIN/icq: 4912500 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---------------------------------------------------------------
--- smb_login.nasl.opal Tue Apr 16 08:37:49 2002
+++ smb_login.nasl Tue Apr 16 09:42:43 2002
@@ -413,7 +413,12 @@
report = report + string("\n. All the smb tests will be done as '",
l[g_index], "'/'",
p[g_index], "'");
- security_hole(port:139, data:report);
+ if (strlen(l[g_index])) {
+ security_hole(port:139, data:report);
+ }
+ else {
+ security_warning(port:139, data:report);
+ }
}
--- End Message ---
--- Begin Message ---
Version: 2.2.11-1+rm
You filled the bug http://bugs.debian.org/143106 in Debian BTS
against the package nessus-plugins. I'm closing it at *unstable*, but it will
remain open for older distributions.
For more information about this package's removal, read
http://bugs.debian.org/534502. That bug might give the reasons why
this package was removed and suggestions of possible replacements.
Don't hesitate to reply to this mail if you have any question.
Thank you for your contribution to Debian.
--
Marco Rodrigues
--- End Message ---
