From: John Crowley (jcrowley@wolf.smith.edu)
Date: Thu Sep 11 2003 - 16:28:28 CDT
I may have fixed my own problem. I found the function call and changed it
to return an int:
int checkVulnerable(RAddr) {
instead of
void checkVulnerable(RAddr) {
This let it compile. Will this effect functionality? Seems to run fine
for me.
John Crowley
Smith College
On Thu, 11 Sep 2003, John Crowley wrote:
>
> Hi Mike,
>
> I tried downloading the netreg-mod2 and compiling the rpcscan2.c:
>
> [root@netreg netreg-mod2]# gcc -o rpcscan2 rpcscan2.c
> rpcscan2.c:251: warning: type mismatch with previous implicit declaration
> rpcscan2.c:244: warning: previous implicit declaration of
> `checkVulnerable'
> rpcscan2.c:251: warning: `checkVulnerable' was previously implicitly
> declared to return `int'
>
> This sounds somewhat easily fixed by someone who knows C (I hope). Anyone
> gotten this to compile?
>
> And thanks a million for getting this new scanner out so soon. I've
> already got people with fully patched systems hitting our 'you are
> vulnerable' page because of the newest patch.
>
> John Crowley
> Smith College
>
>
> On Thu, 11 Sep 2003 Mike.Lang@uconn.edu wrote:
>
> > It took all morning but worth the wait...
> >
> >
> >
> > Hi all,
> >
> > Here are two new Linux command-line scanners that you can use to find
> > hosts
> > that are vulnerable to both MS03-026 (old) and MS03-039 (new). If you are
> > using NetReg Scanner in your network you should upgrade to this latest
> > version as soon as is resonable. These scanners should now work as well
> > as
> > the recently updated Microsoft and EEye scanners.
> >
> > rpcscan2.c - The new code you should use in your NetReg Scanner to
> > properly
> > detect hosts that are vulnerable to MS03-039. It returns results that
> > only
> > make sense to NetReg Scan (1 or 0). It should compile on most Linux
> > distros with the following command: gcc -o rpcscan2 rpcscan2.c
> >
> > http://security.uconn.edu/netregscan/rpcscan2.c
> >
> > rpcscan_range2.c - A command-line Linux scanner that accepts address
> > ranges
> > instead of just a single address. It is the fastest way we have found to
> > scan Class C size networks. It returns more human-readable results than
> > rpcscan2.c. It should compile on most Linux distros with the following
> > command: gcc -o rpcscan_range2 rpcscan_range2.c
> >
> > http://security.uconn.edu/netregscan/rpcscan_range2.c
> >
> > (We would love for someone to hack that to scan Class Bs.)
> >
> > We have also updated the jumppage.cgi that is the heart of the NetReg
> > Scanner. It references the updated scanner to return proper results. It
> > is bundled with the rpcscan2.c into a single bzipped file.
> >
> > http://security.uconn.edu/netregscan/jumppage.cgi.txt
> > http://security.uconn.edu/netregscan/netreg-mod2.tar.bz2
> >
> > If you have questions or comments about these tools please direct them to
> > security@uconn.edu. We tried to get them out as fast as possible, but we
> > also tried to test them fairly thoroughly.
> >
> > Thanks to Mike Lang and Keith Bessette of the University of Connecticut,
> > Josh Richard of the University of Minnesota-Duluth, and anyone else I may
> > have missed.
> >
> > Phil
> >
> > PS - Nessus plugin ID 11835 should detect the new vulnerability if you are
> > using that:
> >
> > http://cgi.nessus.org/plugins/dump.php3?id=11835
> >
> > =======================================
> > Philip A. Rodrigues
> > Network Analyst, UITS
> > University of Connecticut
> >
> > email: phil.rodrigues@uconn.edu
> > phone: 860.486.3743
> > fax: 860.486.6580
> > web: http://www.security.uconn.edu
> > =======================================
> >
> >
> >
> > **********************************************************************
> > To unsubscribe from this list, send an e-mail message to
> > majordomo@southwestern.edu containing a single line with the words:
> > unsubscribe netreg
> > Send requests for assistance to: owner-netreg@southwestern.edu
> > **********************************************************************
> >
>
>
**********************************************************************
To unsubscribe from this list, send an e-mail message to
majordomo@southwestern.edu containing a single line with the words:
unsubscribe netreg
Send requests for assistance to: owner-netreg@southwestern.edu
**********************************************************************
This archive was generated by hypermail 2.1.4 : Thu Aug 12 2004 - 12:01:41 CDT