On Jan 7, 2007, at 1:06 AM, John Scherff wrote:
Nessus returns inconsistent risk ratings when it is able to access
a Windows share.
On a Windows 2003 server, the risk factor is 'None.'
On an AIX server running Samba, the risk factor is 'High / CVSS
Base Score : 7 (AV:R/AC:L/Au:NR/C:P/A:P/I:P/B:N)'
Both results are returned from Plugin 10396, and the text of the
finding is the same (except that the share names and contents are
different). Each server has both readable and readable/writable
shares. The only difference is that the "service" is 'netbios-ssn
(139/tcp)' on AIX and 'microsoft-ds (445/tcp)' on Windows.
In both cases, Nessus is using credentials and the account it is
using has access to the shares, so it is not a vulnerability.
Is there a way to resolve this discrepancy?
No yet. We are planning to fix this by splitting the test in 2 plugins :
1) checks remote shares with NULL/Guest session -> High
2) checks remote shares with credentials -> None
Regards,
Nicolas
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
