Vulnerability Development mailing list archives
Re: Remote exploitation of network scanners?
From: "Cashdollar, Larry" <lwc () VAPID DHS ORG>
Date: Fri, 25 Aug 2000 13:05:58 -0700
On Fri, 25 Aug 2000, Lincoln Yeoh wrote:
Hypothetical scenario: A scanner requiring remote input scans a targeted host, looking for replies. The targeted host replies with exceptional input causing the scanner to run arbitrary code (buffer overflow etc etc), probably with the privileges of the user running that scanner.
Scanners utilizing raw sockets for stuff like OS fingerprinting need to be run as root. Some scanners like nessus (last I knew) required a separate server running that the scanning client connected to. I would hope that the server daemon be audited for overflows, format bugs etc. Everyone makes mistakes, the L0pht has been finding vulnerabilities for years and yet one was found in Antisniff.

-- Larry