Re: MS05-039 Scanner

From: David Cravshaw (david.cravshaw@gmail.com)
Date: Fri Aug 19 2005 - 16:24:44 EDT


Foundstone just released an MS05-039 scanner. It's a little hefty and
weighs in at 53kb (*grin*), but does a pretty good job, apparently.

http://foundstone.com/resources/freetooldownload.htm?file=MS05039Scan.zip
for the direct download or
http://foundstone.com/resources/proddesc/MS05039Scan.htm
for more info.

On 8/18/05, Beauford, Jason <jbeauford@eightinonepet.com> wrote:
> Why not make that scanner public?
>
> Hook us up.
>
> JMB
>
> -----Original Message-----
> From: fatb [mailto:fatb@security.zz.ha.cn]
> Sent: Thursday, August 18, 2005 11:47 AM
> To: Marc Maiffret
> Cc: pen-test@securityfocus.com
> Subject: Re: MS05-039 Scanner
>
> I could not understand why the 05039 scanner is as large as 3M.
> My friend has written a 05039 scanner which is 20k in size .....
>
> ----- Original Message -----
> From: "Marc Maiffret" <mmaiffret@eeye.com>
> To: <jeff@jeffbryner.com>; <michael_black@comcast.net>;
> <pen-test@securityfocus.com>
> Sent: Wednesday, August 17, 2005 10:18 AM
> Subject: RE: MS05-039 Scanner
>
>
> A quick side note not to confuse MBSA or Shavlik with how Retina or
> others do it. Retina is able to detect the patch as missing, as Shavlik
> and MBSA do, (registry/file, which requires admin creds) but we also are
> able to remotely identify a vulnerable system without requiring
> authenticated credentials. That obviously makes it easier to find
> vulnerable systems on a Class B network because really who has
> credentials for a whole Class B and even if you miraculously did then
> what about all the systems you don't know about that are unmanaged and
> you definitely don't have access to. This is just one reason why stuff
> like MBSA is great for very small shops but is really unreasonable for
> any real network. Shavlik and others obviously are really meant more for
> patching, which means systems you know, so while it's a deficiency that
> they can't truly give you a view of vulnerability within your Class B
> network it's a limitation that is probably something they are not
> meaning to address in the first place, again because they do patch
> management instead of vulnerability management.
>
> Signed,
> Marc Maiffret
> Chief Hacking Officer
> eEye Digital Security
> T.949.349.9062
> F.949.349.9538
> http://eEye.com/Blink - End-Point Vulnerability Prevention
> http://eEye.com/Retina - Network Security Scanner
> http://eEye.com/Iris - Network Traffic Analyzer
> http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities
>
> Important Notice: This email is confidential, may be legally privileged,
> and is for the intended recipient only. Access, disclosure, copying,
> distribution, or reliance on any of it by anyone else is prohibited and
> may be a criminal offense. Please delete if obtained in error and email
> confirmation to the sender.
> -----Original Message-----
> From: Jeff Bryner [mailto:jbryner1@yahoo.com]
> Sent: Tuesday, August 16, 2005 9:29 AM
> To: michael_black@comcast.net; pen-test@securityfocus.com
> Subject: Re: MS05-039 Scanner
>
> > Does anyone know of any available scanners for this vulnerability? I
> > know Tenable has a plugin for Nessus and eEye has a free one for up
>
> I dunno if you've solved this or not, but the tenable ones are usually
> just templates that look for different hotfixes.
>
> The source for this particular one is on their website at:
>
> http://www.nessus.org/plugins/index.php?view=viewsrc&id=19402
>
> and you can see what it looks for.
>
> Assuming you have admin access to this class B network you could use the
> nessus plugin, or script something to mount the admin share and look for
> the hotfix.
>
> Alternatively http://hfnetchk.shavlik.com/ can also check for hotfixes
> remotely again assuming you have admin access.
>
> Jeff.
>
>
>
>
> ------------------------------------------------------------------------
> ------
> FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You
> Don't
>
> Learn the hacker's secrets that compromise wireless LANs. Secure your
> WLAN by understanding these threats, available hacking tools and proven
> countermeasures. Defend your WLAN against man-in-the-Middle attacks and
> session hijacking, denial-of-service, rogue access points, identity
> thefts and MAC spoofing. Request your complimentary white paper at:
>
> http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
> ------------------------------------------------------------------------
> -------
>
>


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:46 EDT