Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ISS Internet Scanner Cannot be relied upon for conclusive Aud

From: Alfred_Huger () NAI COM (Huger, Alfred)
Date: Thu, 11 Feb 1999 10:06:35 -0800


-----Original Message-----
From: Casper Dik [SMTP:casper () HOLLAND SUN COM]
Sent: Tuesday, February 09, 1999 2:03 PM
To:   BUGTRAQ () netspace org
Subject:      Re: ISS Internet Scanner Cannot be relied upon for
conclusive Audits


Consider another interesting case - there are several sendmail exploits
(circa 8.6) which require hardware and platform-specific eggs.  We
obviously would have a hard time actually implementing these, and it

would

be very difficult to make it reliable - so we do a banner check.


Why do you need an egg?  Just stuffing down too much data down
sendmail's throat will make it crash.  Connection closed - has bug.



        In fact this is precisely what CyberCop Scanner from NAI does when
checking buffer overflows in sendmail and elsewhere. FYI there was recently
a product review done on a 'head-to-head' basis between ISS's Scanner and
CyberCop Scanner. It may be worth the read given this thread.
http://www.infoworld.com/cgi-bin/displayTC.pl?/990208comp.htm
Previous By Date Next
Previous By Thread Next

Current thread: