From f26d82b3fcb108075f46c00a0126620b88fce0f1 Mon Sep 17 00:00:00 2001
From: david <david@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Thu, 18 Oct 2012 04:28:11 +0000
Subject: [PATCH] Update the status code name in smb-check-vulns.

The checks for conficker and ms08_067 check for a specific status code
of 0x00000057, but do so by the name mapping to this value rather than
by value.

The name of this value was change from NT_STATUS_WERR_UNKNOWN_57 to
NT_STATUS_WERR_INVALID_PARAMETER in r24847, breaking these tests because
they were still searching for the "UNKNOWN_57" string.

This error was reported by Kit Peters.
http://seclists.org/nmap-dev/2012/q4/125
---
 scripts/smb-check-vulns.nse | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/smb-check-vulns.nse b/scripts/smb-check-vulns.nse
index 151d14ca7..7dbe4b93b 100644
--- a/scripts/smb-check-vulns.nse
+++ b/scripts/smb-check-vulns.nse
@@ -182,7 +182,7 @@ function check_ms08_067(host)
 	msrpc.stop_smb(smbstate)
 
 	if(status == false) then
-		if(string.find(netpathcompare_result, "UNKNOWN_57") ~= nil) then
+		if(string.find(netpathcompare_result, "WERR_INVALID_PARAMETER") ~= nil) then
 			return true, INFECTED
 		elseif(string.find(netpathcompare_result, "INVALID_NAME") ~= nil) then
 			return true, PATCHED
@@ -276,7 +276,7 @@ function check_conficker(host)
 		if(string.find(netpathcanonicalize_result, "INVALID_NAME")) then
 			msrpc.stop_smb(smbstate)
 			return true, CLEAN
-		elseif(string.find(netpathcanonicalize_result, "UNKNOWN_57") ~= nil) then
+		elseif(string.find(netpathcanonicalize_result, "WERR_INVALID_PARAMETER") ~= nil) then
 			msrpc.stop_smb(smbstate)
 			return true, INFECTED
 		else