Bugtraq mailing list archives

Re: Comments re: Vulnerability Testing

Date: Sat, 13 Feb 1999 12:00:31 -0500

As a Network Associates customer, I'd like to dispute Thomas Ptacek and Alfred Huger's claims about CyberCop Scanner.  
Obviously, they are the authors of CyberCop, but with some simple testing, it is clear that they are either wrong or 
misrepresenting their product.

Serious false negatives:

When I turned off all CC Scanner checks, except for the Email checks, it wouldn't find Anything vulnerable, even on 
servers that I knew had a major vulnerability in sendmail. After spending many hours, pulling my hair out trying to 
figure out why CC Scanner didn't find the vulnerabilities on servers that I knew were wide open, it turns out that you 
must turn on Information gathering checks, in order for CCS to actually find any Email vulnerabilities.  I could not 
find this in any documentation and consider it a serious flaw.  This assumption of requiring Info Gathering checks 
turned on is undocumented and could lead users to very Wrong conclusions.

Serious False Positives:

Then, I set up Netcat to send a sendmail banner on connection to port 25 (SMTP). Even though Alfred claims no reliance on 
version checking, CyberCop got fooled on the Sendmail banners, and even CyberCop has in the GUI a check called 
"Sendmail Banner Check".  Duh!

Then, without anything special, just by having the Netcat program connecting on port 25, every single Sendmail buffer 
overflow check in CyberCop was returning as a false Positive.   Obviously, their claim to actually exploiting the 
vulnerability is false. CCS isn't exploiting the vulnerability, but just trying to send garbage and without any proof, 
making incorrect assumptions that it is vulnerable.

I did try to call NAI's support to report these problems, and after 2 hrs of waiting to get someone, I hung up.  
Hopefully this gets to the appropriate people at NAI to fix these problems.

Anyway, I hope this sheds some light on some additional issues with all scanners.

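The banner test described in the post can be reproduced on loopback to validate any scanner check. This is an added example, not part of the original message and not CyberCop's code: the banner text, hostnames and function names are constructed, and the listener stands in for the Netcat setup by sending a greeting and then never speaking SMTP.

```python
import socket
import threading

# Constructed banner for illustration; not captured from a real host.
BANNER = b"220 mail.example.test ESMTP Sendmail 8.9.1/8.9.1 ready\r\n"

def start_banner_only_listener(connections=2):
    """Stand-in for the Netcat setup: send a banner, then never speak SMTP."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))          # loopback only, ephemeral port
    srv.listen(connections)
    def serve():
        for _ in range(connections):
            conn, _addr = srv.accept()
            with conn:
                try:
                    conn.sendall(BANNER)
                    while conn.recv(1024):   # swallow input, answer nothing
                        pass
                except OSError:
                    pass
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def banner_only_check(port):
    """Naive check: trusts whatever the greeting line claims."""
    with socket.create_connection(("127.0.0.1", port), timeout=2) as s:
        return b"Sendmail" in s.recv(1024)

def dialogue_check(port):
    """Require a real SMTP reply to EHLO before trusting the banner."""
    with socket.create_connection(("127.0.0.1", port), timeout=2) as s:
        if not s.recv(1024).startswith(b"220"):
            return "no-smtp-greeting"
        s.sendall(b"EHLO scanner.example.test\r\n")
        s.settimeout(1)
        try:
            reply = s.recv(1024)
        except socket.timeout:
            reply = b""
    # Every SMTP reply starts with a three-digit code (250, 5xx, ...).
    return "smtp-service" if reply[:3].isdigit() else "banner-without-smtp"

def run_demo():
    port = start_banner_only_listener()
    return banner_only_check(port), dialogue_check(port)

if __name__ == "__main__":
    print(run_demo())
```

A check that reports a finding against this listener is inferring from the greeting or from the absence of an error, not from observed server behaviour.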
