From f366c0d1917bee3afe23430f36766e81f9e17c62 Mon Sep 17 00:00:00 2001
From: henri <henri@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Sat, 8 Sep 2012 09:36:25 +0000
Subject: [PATCH] Don't always assume that 'safe=1' was set. Added a check for
 'unsafe' in ms08-67

---
 scripts/smb-check-vulns.nse | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/scripts/smb-check-vulns.nse b/scripts/smb-check-vulns.nse
index 15176020b..8cd366e4e 100644
--- a/scripts/smb-check-vulns.nse
+++ b/scripts/smb-check-vulns.nse
@@ -152,6 +152,9 @@ function check_ms08_067(host)
 	if(nmap.registry.args.safe ~= nil) then
 		return true, NOTRUN
 	end
+	if(nmap.registry.args.unsafe == nil) then
+		return true, NOTRUN
+	end
 	local status, smbstate
 	local bind_result, netpathcompare_result
 
@@ -585,7 +588,7 @@ action = function(host)
 		elseif(result == UNKNOWN) then
 			table.insert(response, get_response("MS08-067", "LIKELY VULNERABLE", "host stopped responding",         1)) -- TODO: this isn't very accurate
 		elseif(result == NOTRUN) then
-			table.insert(response, get_response("MS08-067", "CHECK DISABLED",    "remove 'safe=1' argument to run", 1))
+			table.insert(response, get_response("MS08-067", "CHECK DISABLED",    "add '--script-args=unsafe=1' to run", 1))
 		elseif(result == INFECTED) then
 			table.insert(response, get_response("MS08-067", "NOT VULNERABLE",    "likely by Conficker",             0))
 		else
@@ -650,7 +653,7 @@ action = function(host)
         if(result == VULNERABLE) then
 			table.insert(response, get_response("MS06-025", "VULNERABLE", nil, 0))
         elseif(result == NOTRUN) then
-			table.insert(response, get_response("MS06-025", "CHECK DISABLED", "remove 'safe=1' argument to run", 1))
+			table.insert(response, get_response("MS06-025", "CHECK DISABLED", "add '--script-args=unsafe=1' to run", 1))
         elseif(result == NOTUP) then
 			table.insert(response, get_response("MS06-025", "NO SERVICE", "the Ras RPC service is inactive", 1))
         else
@@ -670,7 +673,7 @@ action = function(host)
         if(result == VULNERABLE) then
 			table.insert(response, get_response("MS07-029", "VULNERABLE", nil, 0))
         elseif(result == NOTRUN) then
-			table.insert(response, get_response("MS07-029", "CHECK DISABLED", "remove 'safe=1' argument to run", 1))
+			table.insert(response, get_response("MS07-029", "CHECK DISABLED", "add '--script-args=unsafe=1' to run", 1))
         else
 			table.insert(response, get_response("MS07-029", "NOT VULNERABLE", nil, 1))
         end