On Tue, Dec 09, 2003 at 10:35:02AM +0000, Paul Johnston wrote:

> Does anyone know how many of the SANS top 20 Nessus can detect when run
> non-destructive and without domain credentials?

I suppose the answer depends on two things: 

o What you're actually looking at - a CVE ID or one of the higher level 
  "vulnerability" classifications such as "W3 Windows Authentication"

o How well you identify plugins to scan for vulnerabilities. For 
  example, compare the config file Tenable Security generated to check
  against the latest list (see
  <http://cvsweb.nessus.org/cgi-bin/cvsweb.cgi/nessus-core/doc/Top20-2003>)
  with what my update-nessusrc. The reason for the differences rests in
  things like
  limitations in the length of the argument to script_cve_id and
  the fact that the SANS List doesn't provide CVE IDs for all
  vulnerabilities.

Still, if you're content to look at CVE IDs and use my update-nessusrc
script, here's an answer:

The latest SANS List holds 338 CVE IDs, of which 229 are tested for by a
plugin (or rather, are listed in script_cve_id) of some type from a
recent update.  Restricting plugins to non-DoS plugins causes 10 CVE IDs
to be missed:

    iis_asp_overflow.nasl      - CAN-2002-0079, CAN-2002-0147
    iis_htr_overflow.nasl      - CAN-2002-0071, CAN-2002-0364
    knfs_dos.nasl              - CVE-2000-0344
    mountd_overflow.nasl       - CVE-1999-0002
    mssql_hello_overflow.nasl  - CAN-2002-1123
    mssqlserver_dos.nasl       - CVE-1999-0999
    rpc_xdrmem_bytes.nasl      - CAN-2003-0028
    smb_crash_winlogon.nasl    - CVE-2000-0377

while excluding plugins that require domain credentials causes 14 to
be missed:

    mssql_version.nasl         - CAN-2000-1081, CVE-2000-0202,
                                 CVE-2000-0485, CAN-2000-1087,
                                 CAN-2000-1088, CAN-2002-0982,
                                 CAN-2001-0542, CVE-2001-0344
    smb_nt_ms02-003.nasl       - CVE-2002-0049
    smb_nt_ms02-030.nasl       - CVE-2002-0186, CAN-2002-0186, CAN-2002-0187
    smb_nt_ms02-040.nasl       - CAN-2003-0353
    smb_nt_ms02-052.nasl       - CAN-2002-1258

Hope this helps,

George
-- 
[EMAIL PROTECTED]

_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
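
The counting method described in the message above (CVE IDs on a target list that appear in some plugin's script_cve_id, and which of them are lost when a class of plugins is excluded), as an added example that is not part of the message and is not the update-nessusrc script. The plugin snippets and IDs are constructed, and the choice of "DoS" categories and of KB keys that imply credentials are assumptions; IDs are compared exactly as written, so CAN- and CVE- forms are distinct.

```python
import re

# Constructed plugin snippets and IDs for illustration; not real Nessus plugin source.
PLUGINS = {
    "a_overflow.nasl": 'script_cve_id("CAN-2099-0001", "CAN-2099-0002");\n'
                       'script_category(ACT_DENIAL);',
    "a_banner.nasl":   'script_cve_id("CAN-2099-0002");\n'
                       'script_category(ACT_GATHER_INFO);',
    "b_registry.nasl": 'script_cve_id("CVE-2099-0003");\n'
                       'script_category(ACT_GATHER_INFO);\n'
                       'script_require_keys("SMB/login", "SMB/password");',
    "c_check.nasl":    'script_cve_id("CVE-2099-0004");\n'
                       'script_category(ACT_ATTACK);',
}
TOP20 = {"CAN-2099-0001", "CAN-2099-0002", "CVE-2099-0003",
         "CVE-2099-0004", "CVE-2099-0005"}  # constructed target list

# Assumptions: which categories count as "DoS" and which KB keys imply credentials.
DOS_CATEGORIES = {"ACT_DENIAL", "ACT_KILL_HOST", "ACT_DESTRUCTIVE_ATTACK"}
CRED_KEYS = {"SMB/login", "SMB/password"}

def parse_plugin(src):
    """Return (cve_ids, category, needs_credentials) for one plugin's source."""
    def args(func):
        m = re.search(func + r'\s*\(([^)]*)\)', src)
        return m.group(1) if m else ""
    cves = set(re.findall(r'\b(?:CVE|CAN)-\d{4}-\d{4,}\b', args("script_cve_id")))
    category = args("script_category").strip() or None
    keys = set(re.findall(r'"([^"]+)"', args("script_require_keys")))
    return cves, category, bool(keys & CRED_KEYS)

def covered(targets, plugins, allow_dos=True, allow_creds=True):
    """Target IDs listed in script_cve_id of at least one permitted plugin."""
    hit = set()
    for src in plugins.values():
        cves, category, needs_creds = parse_plugin(src)
        if (category in DOS_CATEGORIES and not allow_dos) or (needs_creds and not allow_creds):
            continue
        hit |= cves & targets
    return hit

def missed_by(targets, plugins, **restriction):
    """IDs that are covered with every plugin enabled but lost under the restriction."""
    return covered(targets, plugins) - covered(targets, plugins, **restriction)

if __name__ == "__main__":
    print("covered:", sorted(covered(TOP20, PLUGINS)))
    print("lost without DoS plugins:", sorted(missed_by(TOP20, PLUGINS, allow_dos=False)))
    print("lost without credentials:", sorted(missed_by(TOP20, PLUGINS, allow_creds=False)))
```

An ID is counted as missed only when every plugin that lists it is excluded, which is why the constructed CAN-2099-0002 survives the non-DoS restriction.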