Bugtraq mailing list archives
Re: ISS Internet Scanner Cannot be relied upon for conclusive
From: mouse () RODENTS MONTREAL QC CA (der Mouse)
Date: Tue, 9 Feb 1999 10:06:16 -0500
[...] the old ioslogon bug [...ISS didn't find it...]
[...response from someone who writes as if on behalf of ISS's makers; I can't recall whether mindspring.com is the ISS people or not...]
If ISS claims to check for the ioslogon bug, but actually checks (by whatever means) for software versions known to have that bug, the claim is a lie. If you claim to check for the ioslogon bug, then that's what you should do: try to exploit it and see if it works. Who knows, maybe there's another vulnerable version out there, or perhaps some supposedly vulnerable versions don't happen to be vulnerable after all. I can't remember offhand what this bug does. If it's a "hang your router" sort of thing, you may want to have *two* tests, potentially independently controllable, "check for ioslogon bug (dangerous, may crash your router)" and "check for software versions known to have ioslogon bug (safe, requires SNMP)". But claiming to check for the bug when actually just checking the software version (via a means which can be disabled without closing the bug, no less) is like a spamfighter saying "your SMTP daemon claims to be an old Sun sendmail, therefore you're an open relay": it's checking for the wrong thing
OK, so maybe you can explain just exactly how we're supposed to find out whether it is vulnerable if it won't talk to us?
Surely this is a bit of a no-brainer - why not just try the exploit and see if it works? That's certainly what an attacker will do. der Mouse mouse () rodents montreal qc ca 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
Current thread:
- Re: ISS Internet Scanner Cannot be relied upon for conclusive, (continued)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive Darren Reed (Feb 12)
- NetApp Filer software versions 5.x: potential hardware killer Jason Downs (Feb 10)
- Netect Advisory: palmetto.ftpd - remote root overflow Jordan Ritter (Feb 09)
- Re: Netect Advisory: palmetto.ftpd - remote root overflow bugtraq mailing list account (Feb 09)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive Mr. joej (Feb 08)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive David LeBlanc (Feb 09)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive Casper Dik (Feb 09)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive David LeBlanc (Feb 10)
- sl0scan (ambiguous source portscanner) miff (Feb 09)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive David LeBlanc (Feb 09)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive Ryan Russell (Feb 08)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive der Mouse (Feb 09)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive Darren Reed (Feb 10)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive Joel Eriksson (Feb 12)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive Randy Taylor (Feb 10)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive Joel Eriksson (Feb 12)
- More Comments: Security Scanners. Craig H. Rowland (Feb 12)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive Darren Reed (Feb 10)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive Adam Shostack (Feb 10)
- remote fakebo shell exploit Groovy Pants Gus (Feb 11)
- AW: Security Bug in Bintec Router Firmware (CLID) Thomas Schmidt (Feb 11)
- Re: Security Bug in Bintec Router Firmware (CLID) Pascal Gienger (Feb 11)
- Seeking Policy Data Loftin C. Woodiel (Feb 11)