Greetings,
We're noticing this hole against at least the following mail servers,
which seem to be false positives:
220 <host> Microsoft ESMTP MAIL Service, Version: 5.0.2195.6713 ready at <date>
220 <host> Microsoft ESMTP MAIL Service, Version: 6.0.3790.0 ready at <date>
If these Microsoft mail servers are actually vulnerable to the DoS,
then perhaps we should change the plugin description to not be
InterScan specific? How can we tell if they're actually vulnerable,
though? Judging from the nasl code, it seems impossible to tell if
the server crashed or if it is being smart by not responding to such
requests. I'm guessing that this is a common problem for DoS plugins.
Should we just treat this as an InterScan-only plugin and add some
banner regex code to make sure it only tests an Interscan server?
I'll gladly code a patch if one is needed. I just want to know which
route to take because I'm sure issues like this have come up before.
Best regards,
Erik Stephens www.edgeos.com
Managed Vulnerability Assessment Services
_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
