Vulnerability Development mailing list archives

Remote exploitation of network scanners?


From: Lincoln Yeoh <lyeoh () POP JARING MY>
Date: Fri, 25 Aug 2000 15:56:30 +0800

Hi people!

I wonder if the many popular scanners out there are written securely - so
that they themselves cannot be exploited.

It seems to me that many of these programs are written as a "proof of
concept" or as instructive samples, and good for that purpose alone but may
not be robust enough for use in a hostile environment.

Hypothetical scenario:
A scanner requiring remote input scans a targeted host, looking for replies.
The targeted host replies with exceptional input causing the scanner to run
arbitrary code (buffer overflow etc etc), probably with the privileges of
the user running that scanner.

Denial of service programs are probably less vulnerable since they usually
don't require remote input (except maybe dns?). They usually accept input
from the command-line which shouldn't become a problem in typical usage :).

Note that I am not saying that the authors of such programs are writing
poor quality code, far from it, but there is a danger that some users may
be using them under inappropriate conditions for purposes they were not
designed for. After all much of the code released is "for educational
purposes only" ;).

Have a nice weekend!

Link.
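The scenario above, as an added example that is not part of the original post: the scanner-side code that reads a target's banner, written so the reply is treated as hostile input (bounded copy, always NUL-terminated, control bytes neutralised). The buffer size and the sample replies are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <stddef.h>

#define BANNER_MAX 64   /* assumed size of the scanner's banner buffer */

/* Copy one line of a target's reply into 'out' without trusting its
 * length or content: stop at CR/LF, never write past BANNER_MAX-1 bytes,
 * always NUL-terminate, and replace non-printable bytes with '.' so the
 * banner is safe to log.  Returns 1 if the reply was truncated, which a
 * scanner can use to flag a host that answered abnormally. */
int read_banner(const char *reply, size_t reply_len, char out[BANNER_MAX]) {
    size_t n = 0;
    while (n < reply_len && reply[n] != '\r' && reply[n] != '\n') {
        if (n == BANNER_MAX - 1) {      /* no room left: stop, do not overrun */
            out[n] = '\0';
            return 1;
        }
        unsigned char c = (unsigned char)reply[n];
        out[n] = isprint(c) ? (char)c : '.';
        n++;
    }
    out[n] = '\0';
    return 0;
}

/* Constructed sample: a well-formed SMTP-style banner. */
int normal_reply_ok(void) {
    const char reply[] = "220 mail.example.test ESMTP\r\n";
    char out[BANNER_MAX];
    int truncated = read_banner(reply, sizeof reply - 1, out);
    return truncated == 0 && strcmp(out, "220 mail.example.test ESMTP") == 0;
}

/* Constructed sample: a 600-byte reply with no line terminator and an
 * embedded escape byte, i.e. the "exceptional input" case. */
int hostile_reply_contained(void) {
    char reply[600];
    char out[BANNER_MAX];
    memset(reply, 'A', sizeof reply);
    reply[10] = '\x1b';
    int truncated = read_banner(reply, sizeof reply, out);
    return truncated == 1 && strlen(out) == BANNER_MAX - 1 && out[10] == '.';
}

int main(void) {
    printf("normal banner handled: %d\n", normal_reply_ok());
    printf("hostile reply contained: %d\n", hostile_reply_contained());
    return 0;
}
```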