I think that the plug-in should reflect the difference between when IPC$ can
and can't be accessed. However, either way, it's still a hole as I now see.
Up until now, when RA=2 we were just writing this off as a false positive and
ignoring it. I think changes to the plug-in to reflect the difference would
avoid this confusion for other people.

Thanks,
Nick

----- Original Message -----
From: "Renaud Deraison" <[EMAIL PROTECTED]>
To: "Nessus Mailing List (E-mail)" <[EMAIL PROTECTED]>
Sent: Thursday, April 11, 2002 3:23 AM
Subject: Re: Null Session


> On Thu, Apr 11, 2002 at 08:14:16AM +0200, BOUR Daniel wrote:
> > I have exactly the same problem.
> > Nessus gets a Null session vulnerability with RA=2 under W2K.
> > When I try a Null connection to the server, it can't connect.
> > I'm using nessus 1.0.10, but I had the same problem with the previous
> > stable version.
> > I tried with nessus 1.1.14; it found a Null session vulnerability.
> > Is that a false positive in Nessus?
>
> No. It turns out that with RA=2, it is possible to log into a remote
> host networkwise (meaning that when a null login/password is sent, no
> error message is sent back), but nothing else can be done. See that as a
> valid unix username/password with /bin/cat as a shell (the point
> being that a null session gets past the authentication phase)
>
> I don't know if I should change the plugin to make sure IPC$ can be
> reached. On the one hand, this would fix this inconvenience, but OTOH
> maybe we'll discover in the future that a null session with RA=2
> can access a weird pipe or crash the remote server by doing some weird
> request or do whatever stuff I don't want to think about.  Comments are
> welcome.
>
>
>
> -- Renaud
>
