Virus.Org Mailing List Archive




RE: Command Line RPC vulnerability scanner?

  • To: Chris <[EMAIL PROTECTED]>
  • Subject: RE: Command Line RPC vulnerability scanner?
  • From: Russell Fulton <[EMAIL PROTECTED]>
  • Date: 04 Aug 2003 13:42:48 +1200
  • Cc: [EMAIL PROTECTED]
  • In-reply-to: <[EMAIL PROTECTED]>
  • References: <[EMAIL PROTECTED]>
 
On Sat, 2003-08-02 at 10:54, Chris wrote:

> Scanms returns wrong answer when you disabled DCOM on the target box.
> (run dcomcnfg, uncheck the "Enable Distributed COM on this computer"
> checkbox)

I have noticed the same, not just for the ISS scanner but also for the
eEye scanner and Nessus.  My guess is that the scanners are a bit simple
minded and are not checking that DCOM is running before sending a probe.
When they don't get the correct response to the probe they simply assume
it is vulnerable.

I've notified IIS, eEye and Nessus about the problem.

-- 
Russell Fulton, Network Security Officer, The University of Auckland,
New Zealand.
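
The failure mode guessed at in the message above, as an added example that is not part of the original post and is not code from any of the scanners named: verdict logic that treats every unexpected reply as "vulnerable", next to logic that first records whether DCOM answered at all. The reply labels, the `dcom_reachable` pre-check and the host names are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional

class Verdict(Enum):
    VULNERABLE = "vulnerable"
    PATCHED = "patched"
    NOT_APPLICABLE = "dcom-disabled"   # probe cannot say anything about patch level
    INCONCLUSIVE = "inconclusive"      # unexpected or missing reply, needs a manual check

# Constructed labels; a real scanner would derive these from the wire response.
PATCHED_REPLY = "patched-signature"
VULNERABLE_REPLY = "vulnerable-signature"

@dataclass
class Observation:
    host: str
    dcom_reachable: bool     # hypothetical pre-check: did DCOM answer before the probe?
    reply: Optional[str]     # None means no reply to the probe

def naive_verdict(obs: Observation) -> Verdict:
    # Behaviour guessed at in the post: anything but the expected reply is "vulnerable".
    return Verdict.PATCHED if obs.reply == PATCHED_REPLY else Verdict.VULNERABLE

def careful_verdict(obs: Observation) -> Verdict:
    # Check the precondition first, then only report what the reply positively shows.
    if not obs.dcom_reachable:
        return Verdict.NOT_APPLICABLE
    if obs.reply == PATCHED_REPLY:
        return Verdict.PATCHED
    if obs.reply == VULNERABLE_REPLY:
        return Verdict.VULNERABLE
    return Verdict.INCONCLUSIVE

def false_positives(observations: List[Observation]) -> List[str]:
    # Hosts the naive logic flags although the reply never matched the vulnerable signature.
    return [o.host for o in observations
            if naive_verdict(o) is Verdict.VULNERABLE
            and careful_verdict(o) is not Verdict.VULNERABLE]

# Constructed sample results, not real scan output.
SAMPLE = [
    Observation("host-a", True, PATCHED_REPLY),
    Observation("host-b", True, VULNERABLE_REPLY),
    Observation("host-c", False, "unexpected-error"),   # DCOM disabled via dcomcnfg
    Observation("host-d", True, None),                  # probe timed out
]

if __name__ == "__main__":
    for o in SAMPLE:
        print(o.host, naive_verdict(o).value, careful_verdict(o).value)
```

A `NOT_APPLICABLE` result says nothing about whether the patch is installed, so such hosts still need their patch level confirmed by another method.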

