Bugtraq mailing list archives

Re: ISS Internet Scanner Cannot be relied upon for conclusive


From: mouse () RODENTS MONTREAL QC CA (der Mouse)
Date: Tue, 9 Feb 1999 10:06:16 -0500


[...] the old ioslogon bug [...ISS didn't find it...]

[...response from someone who writes as if on behalf of ISS's makers;
I can't recall whether mindspring.com is the ISS people or not...]

If ISS claims to check for the ioslogon bug, but actually checks (by
whatever means) for software versions known to have that bug, the claim
is a lie.  If you claim to check for the ioslogon bug, then that's what
you should do: try to exploit it and see if it works.  Who knows, maybe
there's another vulnerable version out there, or perhaps some
supposedly vulnerable versions don't happen to be vulnerable after all.

I can't remember offhand what this bug does.  If it's a "hang your
router" sort of thing, you may want to have *two* tests, potentially
independently controllable, "check for ioslogon bug (dangerous, may
crash your router)" and "check for software versions known to have
ioslogon bug (safe, requires SNMP)".  But claiming to check for the bug
when actually just checking the software version (via a means which can
be disabled without closing the bug, no less) is like a spamfighter
saying "your SMTP daemon claims to be an old Sun sendmail, therefore
you're an open relay": it's checking for the wrong thing.

> OK, so maybe you can explain just exactly how we're supposed to find
> out whether it is vulnerable if it won't talk to us?

Surely this is a bit of a no-brainer - why not just try the exploit and
see if it works?  That's certainly what an attacker will do.

                                        der Mouse

                               mouse () rodents montreal qc ca
                     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
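
The distinction drawn in the message above, as an added example that is not part of the original post and is not ISS code: a scanner keeps the version lookup and the active test as two separately switchable checks and reports which kind of evidence a verdict rests on. The version strings, host records and function names are constructed for illustration, and the active test is modelled only by its outcome.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

class Verdict(Enum):
    CONFIRMED = "vulnerable: bug reproduced"
    NOT_REPRODUCED = "not vulnerable: bug did not reproduce"
    VERSION_MATCH = "possibly vulnerable: version on known-bad list"
    VERSION_CLEAR = "possibly not vulnerable: version not on known-bad list"
    INCONCLUSIVE = "inconclusive: no check produced evidence"

# Constructed placeholder versions, not taken from any real advisory.
KNOWN_BAD = {"EXAMPLE-OS 1.0", "EXAMPLE-OS 1.1"}

@dataclass
class Host:
    """Constructed sample target; the fields stand in for real probe results."""
    name: str
    snmp_version: Optional[str]  # None = SNMP disabled or filtered
    bug_reproduces: bool         # outcome the active test would observe

def version_check(host: Host) -> Optional[bool]:
    """Safe test: infer from the SNMP-reported version; None if SNMP is silent."""
    if host.snmp_version is None:
        return None
    return host.snmp_version in KNOWN_BAD

def assess(host: Host, run_version: bool = True, run_active: bool = False) -> Verdict:
    """Combine the two independently switchable tests into one labelled verdict."""
    if run_active:  # dangerous test, opt-in; a direct result outranks inference
        return Verdict.CONFIRMED if host.bug_reproduces else Verdict.NOT_REPRODUCED
    inferred = version_check(host) if run_version else None
    if inferred is None:
        return Verdict.INCONCLUSIVE
    return Verdict.VERSION_MATCH if inferred else Verdict.VERSION_CLEAR

def naive_assess(host: Host) -> str:
    """The criticized behaviour: a version lookup reported as a bug check."""
    return "vulnerable" if version_check(host) else "not vulnerable"

HOSTS = [
    Host("snmp-off", None, True),                # bug present, SNMP disabled
    Host("unlisted", "EXAMPLE-OS 2.0", True),    # vulnerable version nobody listed
    Host("listed-ok", "EXAMPLE-OS 1.1", False),  # listed version, not vulnerable
]

if __name__ == "__main__":
    for h in HOSTS:
        print(h.name, "|", naive_assess(h), "|", assess(h).value, "|", assess(h, run_active=True).value)
```

The three sample hosts correspond to the three cases the message names: version reporting disabled without closing the bug, a vulnerable version missing from the list, and a listed version that turns out not to be vulnerable.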


