Vulnerability Development mailing list archives
Re: Remote exploitation of network scanners?
From: Marc Maiffret <marc () eeye com>
Date: Fri, 25 Aug 2000 12:07:48 +0100
Yup... exploiting scanners, or any security product really, definitely can happen. An example of how an older version of Internet Security Scanner was exploited can be found here:
http://www.securityfocus.com/templates/archive.pike?list=1&date=1998-12-1&msg=Pine.BSD.4.00.9812032016220.8681-100000 () l0pht com

Signed,
Marc Maiffret
Chief Hacking Officer
eCompany / eEye
T.949.349.9062
F.949.349.9538
http://eEye.com

| -----Original Message-----
| From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of
| Lincoln Yeoh
| Sent: Friday, August 25, 2000 8:57 AM
| To: VULN-DEV () SECURITYFOCUS COM
| Subject: Remote exploitation of network scanners?
|
|
| Hi people!
|
| I wonder if the many popular scanners out there are written securely - so
| that they themselves cannot be exploited.
|
| It seems to me that many of these programs are written as a "proof of
| concept" or as instructive samples, and good for that purpose alone but may
| not be robust enough for use in a hostile environment.
|
| Hypothetical scenario:
| A scanner requiring remote input scans a targeted host, looking for replies.
| The targeted host replies with exceptional input causing the scanner to run
| arbitrary code (buffer overflow etc etc), probably with the privileges of
| the user running that scanner.
|
| Denial of service programs are probably less vulnerable since they usually
| don't require remote input (except maybe dns?). They usually accept input
| from the command-line which shouldn't become a problem in typical usage :).
|
| Note that I am not saying that the authors of such programs are writing
| poor quality code, far from it, but there is a danger that some users may
| be using them under inappropriate conditions for purposes they were not
| designed for. After all much of the code released is "for educational
| purposes only" ;).
|
| Have a nice weekend!
|
| Link.
|
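
The hypothetical scenario in the quoted message, seen from the scanner author's side, as an added example that is not part of the original posts or of any scanner named in the thread: a reply handler that treats the target's response as hostile input, copying only what fits and always terminating the buffer. The function name, buffer sizes and the choice to replace non-printable bytes are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper for a scanner's reply handler (name and limits are
 * assumptions for this example). Copies the first line of an untrusted
 * reply into out[out_cap] and always NUL-terminates it.
 * Returns 0 if the line fit, 1 if it was truncated, -1 on bad arguments. */
int banner_first_line(const unsigned char *reply, size_t reply_len,
                      char *out, size_t out_cap)
{
    size_t i, n = 0;
    int truncated = 0;

    if (reply == NULL || out == NULL || out_cap == 0)
        return -1;

    for (i = 0; i < reply_len; i++) {
        unsigned char c = reply[i];
        if (c == '\r' || c == '\n' || c == '\0')
            break;                      /* end of the first line */
        if (n + 1 >= out_cap) {         /* keep one byte for the NUL */
            truncated = 1;
            break;
        }
        /* Replace non-printable bytes so the banner is safe to log. */
        out[n++] = (c >= 0x20 && c < 0x7f) ? (char)c : '.';
    }
    out[n] = '\0';
    return truncated;
}

/* Constructed sample input: a reply far longer than the scanner's buffer
 * and with no line terminator, i.e. the "exceptional input" case. */
int demo_oversized_reply(void)
{
    unsigned char reply[4096];
    char banner[64];

    memset(reply, 'A', sizeof reply);
    return banner_first_line(reply, sizeof reply, banner, sizeof banner);
}

int main(void) { return demo_oversized_reply() == 1 ? 0 : 1; }
```

The length of the reply comes from the receive call, never from the reply's own contents, so an unterminated or oversized response is cut at the buffer's capacity and reported as truncated.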