On Tue, Jun 10, 2003 at 05:27:24PM +0100, Yeomans, Andrew wrote:
> Much better results with smb_nt_ms03-005.nasl version 1.3!
> All the reports of hotfixes not being applied went away.
>
> I think some tests still wrongly report vulnerabilities, though.
> In particular I'm inclined to disbelieve the following three reports:-
>
> 1 Vulnerability found on port netbios-ssn (139/tcp) :
>
> It was possible to log into the remote host using a NULL session.
> The concept of a NULL session is to provide a null username and
> a null password, which grants the user the 'guest' access
>
> To prevent null sessions, see MS KB Article Q143474 (NT 4.0) and
> Q246261 (Windows 2000).
> Note that this won't completely disable null sessions, but will
> prevent them from connecting to IPC$
> Please see http://msgs.securepoint.com/cgi-bin/get/nessus-0204/50/1.html

Null sessions are still enabled with Win2003 - you can't do much through
them though (it's not even possible to enumerate the list of users any
more), but it's not a false positive.

> 2 Vulnerability found on port netbios-ssn (139/tcp) :
>
> The Microsoft Locate service is a name server that maps logical
> names to network-specific names.

False positive, fixed.

> 3 Warning found on port netbios-ssn (139/tcp)
>
> The remote host is running a version of the shlwapi.dll which crashes
> when processing a malformed HTML form.

Officially, the flaw has not been fixed yet (in any version of Windows).

> Also the following shouldn't be an issue on Win2003, is it possible for the
> test to check better on Win2003?

Fixed.

-- Renaud