Greetings ,
I'm running nessus 2.0.6a on Redhat 8.0. I have being busy sorting out our SQL servers, ensuring that they have the latest SP/Hotfixes etc. Having patched a number of machines both NT4 and W2K, I'm still getting SQL7 servers flagged up with a vulnerability for Hello Overflow (Plugin 11067). This plugin make reference to the MS patch Q316333 from the security bulletin MS02-61. A check on the 'vulnerable' systems show that the patch is indeed installed. Checking the systems with GFI's Languard also show that the system is OK. I've had a look around the archives and there is some discussion relating to this and the 'SQL Slammer' issue back in January, but I couldn't find any resolve. If I just test for the SQL Slammer vulnerability (Plugin 11214) then only the unpatched systems are detected, both plugins make reference to MS02-061 but obviously test for different things.
Anybody point me in the right direction as to where the problem is.
TIA for any comments/pointers.
Regards,
Dick Cardwell
Senior Technical Analyst - Systems Administration
Siemens Communications
Siemens Communications - a division of Siemens plc, Registered No: 727817, England.
Registered office: Siemens House, Oldbury, Bracknell, Berkshire, RG12 8FZ
