[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[port139ml:03825] Scanms

To: port139ml@xxxxxxxxxxxxx
Subject: [port139ml:03825] Scanms
From: Makoto Shiotsuki <shio@xxxxxxxxxxxx>
Date: Thu, 31 Jul 2003 14:40:41 +0900

ISSのScanmsですが、W2K(SP4)においてdcomcnfgで「このコンピュータ上で
分散COMを有効にする」がオフの場合、パッチを適用していても[VULN]と
表示されてしまいます。

●「DCOM有効」がオンの場合 → 正判定

D:\>scanms 192.168.183.129
--- ScanMs Tool --- (c) 2003 Internet Security Systems ---
 Scans for systems vulnerable to MS03-026 vuln
 More accurate for WinXP/Win2k, less accurate for WinNT
 ISS provides no warrantees for any purpose
 Use at own risk. Runs best from WinXP.
IP Address              REMACT  SYSACT  DCOM Version
-----------------------------------------------------
192.168.183.129         [ptch]  [ptch]  5.6

●「DCOM有効」がオフの場合 → 誤判定

D:\>scanms 192.168.183.129
--- ScanMs Tool --- (c) 2003 Internet Security Systems ---
 Scans for systems vulnerable to MS03-026 vuln
 More accurate for WinXP/Win2k, less accurate for WinNT
 ISS provides no warrantees for any purpose
 Use at own risk. Runs best from WinXP.
IP Address              REMACT  SYSACT  DCOM Version
-----------------------------------------------------
192.168.183.129         [VULN]  [VULN]  5.6

皆さんのところではいかがでしょう?

塩月

Follow-Ups:
- [port139ml:03826] Re: Scanms
  - From: Akira Ryowa

Prev by Date: [port139ml:03824] Re: Tripwire の証拠利用
Next by Date: [port139ml:03826] Re: Scanms
Previous by thread: [port139ml:03824] Re: Tripwire の証拠利用
Next by thread: [port139ml:03826] Re: Scanms
Index(es):
- Date
- Thread