Vulnerability Development mailing list archives
Re: Remote exploitation of network scanners?
From: Fyodor <fyodor () INSECURE ORG>
Date: Sat, 26 Aug 2000 17:12:24 -0700
On Sat, 26 Aug 2000, Marshall Beddoe wrote:
Uhm, actually, there has been a remote exploit demonstrated against nmap. It was written by typo of team teso. http://inferno.tusculum.edu/~typo/banfuq.c
Neat. But this is *NOT* an exploit against Nmap. It exploits the version detection facility of "Nmap+V", a third party patch written & maintained by others. One of the reasons I did not accept the "+V" patch into Nmap is that I had no time to do a security audit against all the new code. Thus, nobody who downloaded a real Nmap release (e.g. from http://www.insecure.org/nmap/ ) is vulnerable.

If you decide to download 3rd party derivative programs, then you must be responsible for the security implications of doing so. Obviously I cannot control or guarantee the security of programs/modifications other people write and distribute on their own site. However, I do scrutinize the security of patches before I incorporate them into the Nmap tree.

Thanks for the pointer though -- I will pass it on to the maintainers of "Nmap+V" (in case they haven't already seen it).

Also, the service detection offered by "Nmap+V" *IS* useful. The idea is to send various probes to open ports to determine what service is REALLY listening on them. Currently Nmap just prints the name of services which are assigned to (or frequently use) the port. But one of the most frequent usages of Nmap is security auditing, where it is critically important that people not miss vulnerabilities just because someone was running their server on a non-default port.

Thus we (on the Nmap development list) are currently working on determining the best way to (securely) add this functionality to Nmap. We are currently working on the grammar for the probe/detection configuration file. If you are interested in contributing to this effort, you can subscribe via blank email to nmap-dev-subscribe () insecure org . Archives and info about the list are available at http://lists.insecure.org/#nmap-dev .

Cheers,
Fyodor

--
Fyodor 'finger pgp () pgp insecure org | pgp -fka'
Frustrated by firewalls? Try nmap: http://www.insecure.org/nmap/
"The percentage of users running Windows NT Workstation 4.0 whose PCs stopped working more than once a month was less than half that of Windows 95 users."
-- microsoft.com/ntworkstation/overview/Reliability/Highest.asp
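As an added illustration of the probe-and-match service detection Fyodor describes, and not code from Nmap, Nmap+V or anyone in this thread: a small Python matcher with a hypothetical probe table, written so that whatever a scanned host sends back is handled as untrusted input (capped read length, bounded match groups, control bytes escaped before anything is displayed or logged). The probe table format, service names and regexes are assumptions for the example.

```python
import re
import socket

# Constructed probe/match table in a hypothetical format (not Nmap's or Nmap+V's
# actual grammar). Each entry: (payload to send, [(service, compiled regex), ...]).
# Match groups are bounded and exclude line breaks so a hostile banner cannot
# make a pattern run away or swallow the rest of the response.
PROBES = [
    (b"", [  # NULL probe: send nothing, read whatever the service says first
        ("ssh",  re.compile(rb"^SSH-\d\.\d-([^\r\n]{1,64})")),
        ("ftp",  re.compile(rb"^220[ -]([^\r\n]{0,64}FTP[^\r\n]{0,64})")),
        ("smtp", re.compile(rb"^220[ -]([^\r\n]{1,128})")),
    ]),
    (b"GET / HTTP/1.0\r\n\r\n", [
        ("http", re.compile(
            rb"^HTTP/1\.[01] \d{3}[^\r\n]{0,128}\r\n(?:[^\r\n]*\r\n)*?Server: ([^\r\n]{1,64})")),
    ]),
]

MAX_BANNER = 4096  # hard cap on how much of a peer's response is ever read or inspected

def sanitize(raw: bytes) -> str:
    """Escape every non-printable byte so peer-supplied control sequences never reach a terminal or log."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "\\x%02x" % b for b in raw)

def match_banner(banner: bytes, matches):
    """Return (service, sanitized version text) for the first pattern matching the capped banner, else None."""
    banner = banner[:MAX_BANNER]
    for name, rx in matches:
        m = rx.search(banner)
        if m:
            return name, sanitize(m.group(1))
    return None

def detect_service(host: str, port: int, timeout: float = 3.0):
    """Try each probe against host:port in turn; the response is only ever examined through match_banner."""
    for payload, matches in PROBES:
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                if payload:
                    s.sendall(payload)
                banner = s.recv(MAX_BANNER)
        except OSError:
            continue
        result = match_banner(banner, matches)
        if result:
            return result
    return None
```

Only `match_banner` is needed to exercise the parsing path offline; `detect_service` shows where the probe payloads from the table are actually sent.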