Bugtraq mailing list archives
Re: ISS Internet Scanner Cannot be relied upon for conclusive Aud
From: Alfred_Huger () NAI COM (Huger, Alfred)
Date: Thu, 11 Feb 1999 10:06:35 -0800
-----Original Message-----
From: Casper Dik [SMTP:casper () HOLLAND SUN COM]
Sent: Tuesday, February 09, 1999 2:03 PM
To: BUGTRAQ () netspace org
Subject: Re: ISS Internet Scanner Cannot be relied upon for conclusive Audits

Consider another interesting case - there are several sendmail exploits (circa 8.6) which require hardware and platform-specific eggs. We obviously would have a hard time actually implementing these, and it would be very difficult to make it reliable - so we do a banner check.

Why do you need an egg? Just stuffing down too much data down sendmail's throat will make it crash. Connection closed - has bug.

In fact this is precisely what CyberCop Scanner from NAI does when checking buffer overflows in sendmail and elsewhere. FYI there was recently a product review done on a 'head-to-head' basis between ISS's Scanner and CyberCop Scanner. It may be worth the read given this thread. http://www.infoworld.com/cgi-bin/displayTC.pl?/990208comp.htm
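
The banner check discussed in this thread, sketched as an added example (not part of either post and not code from ISS or NAI). It shows why a banner result is only an inference: a host can hide or change its greeting, so every verdict is labelled as inferred or unknown. The cutoff, the status labels and the sample banners are assumptions made for illustration.

```python
import re

# Assumption for this example: the thread only says "circa 8.6", so any
# advertised 8.6.x or older is treated as the version range of interest.
CUTOFF = (8, 6)

# Sendmail greets with e.g. "220 host ESMTP Sendmail 8.9.3/8.9.3; <date>"
_VERSION = re.compile(r"\bSendmail\s+(\d+)\.(\d+)(?:\.(\d+))?", re.IGNORECASE)


def greeting_text(raw):
    """Join a (possibly multi-line) SMTP 220 greeting; None if not a greeting."""
    parts = []
    for line in raw.splitlines():
        if not re.match(r"220[ -]", line):
            return None
        parts.append(line[4:])
        if line[3] == " ":  # "220 " marks the final line, "220-" continues
            break
    return " ".join(parts) if parts else None


def banner_check(raw):
    """Classify a banner; every result is an inference, never a confirmation."""
    text = greeting_text(raw)
    if text is None:
        return ("unknown", "not an SMTP 220 greeting")
    m = _VERSION.search(text)
    if m is None:
        return ("unknown", "no Sendmail version advertised")
    version = tuple(int(g) for g in m.groups(default="0"))
    if version[:2] <= CUTOFF:
        return ("inferred-affected", "banner advertises %d.%d.%d" % version)
    return ("inferred-not-affected", "banner advertises %d.%d.%d" % version)


# Constructed sample banners (not captured from real hosts).
SAMPLES = [
    "220 mail.example.com ESMTP Sendmail 8.6.12/8.6.12; Thu, 11 Feb 1999 10:06:35 -0800",
    "220-mail.example.com ESMTP\r\n220 Sendmail 8.9.3/8.9.3 ready",
    "220 mail.example.com ESMTP ready",
    "554 mail.example.com no service",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(banner_check(s), "<-", s.splitlines()[0])
```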