On Fri, Sep 12, 2003 at 05:26:58PM -0400, Steve Ellis wrote:
> I ran the msrpc_dcom and it came back with success.. I assume that means
> it that the first patch in installed. Can someone confirm my assumption.
"Success" means that the plugin is successful - ie: it considers the
patch as NOT being installed. However, as I repeatedly said, in
command-line this will produce a false positive. When launched from
within nessusd, this plugin "cooperates" with msrprc_dcom2.nasl to avoid
such false positive.
> Then msrpc_dcom2 but this came back with a socket error??? I think it
> should fail or succeed?
It means that it considers that the patch is applied and attempts to
write this fact to the knowledge base. As you are launching the plugin
in command-line, something you should not really do as I said multiple
times before, writing to the KB fails and you get that "socket error".
Once again, to make things clear, if you want to run both msrpc_dcom.nasl
and msrpc_dcom2.nasl, do that from within nessusd, NOT from the 'nasl' tool,
or else you will get false positives.
Also, you should not use msrpc_dcom.nasl at all anyway - you need to
patch your servers. You don't care if an interim patch has been put on
it or not, since MS03-039 is a CUMULATIVE patch. So only run
msrpc_dcom2.nasl.
-- Renaud
