Vulnerability Development mailing list archives

Re: Remote exploitation of network scanners?


From: antirez <antirez () linuxcare com>
Date: Sun, 27 Aug 2000 02:48:26 +0200

On Fri, Aug 25, 2000 at 03:56:30PM +0800, Lincoln Yeoh wrote:
> Hi people!

Hi,

> I wonder if the many popular scanners out there are written securely - so
> that they themselves cannot be exploited.

About hping2, I think it's not secure, since I didn't perform a good security
audit of the code I wrote; it's old code + new code + third-party code.
_Maybe_, while parsing some incoming packet, an exploitable buffer overflow
can occur. Anyway, the development of hping2 will be more intense in the
next months, and I'll consider the hping2 internal security one of the
"stuff to fix".

> Hypothetical scenario:
> A scanner requiring remote input scans a targeted host, looking for replies.
> The targeted host replies with exceptional input causing the scanner to run
> arbitrary code (buffer overflow etc etc), probably with the privileges of
> the user running that scanner.

This is true: many scanners are programs that, running with root
privileges, perform a lot of data parsing. For port-scanner-like
software that needs root just to open raw sockets and to
open descriptors for the datalink layer, setuid() can be a good solution.

> Note that I am not saying that the authors of such programs are writing
> poor quality code, far from it, but there is a danger that some users may
> be using them under inappropriate conditions for purposes they were not
> designed for. After all much of the code released is "for educational
> purposes only" ;).

In some contexts it's possible that a coder overestimates the value of
security in this kind of software. Again, about hping2, I can say
that since it was coded as a dirty hack in order to perform some tests,
I didn't pay attention to security: unfortunately some lines of the
first hack are still in the latest distribution.

regards,
antirez

--
Salvatore Sanfilippo, Open Source Developer, Linuxcare Italia spa
+39.049.80 43 411 tel, +39.049.80 43 412 fax
antirez () linuxcare com, http://www.linuxcare.com/
Linuxcare. Support for the revolution.
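The two points raised in this exchange, a scanner parsing hostile replies and setuid() as the fix for running as root, are illustrated below in an added example. This is not code from the thread or from hping2; the function names (parse_ipv4_header, drop_privileges), the struct ipv4_hdr and the sample packets are constructed for this example. The parser checks every sender-controlled length (IHL, total length) against the bytes actually received before using it as an offset, which is exactly the class of mistake that turns a scanner into a target; drop_privileges() shows the order of calls needed to give up root permanently once the raw socket exists.

```c
/* Added example, not code from the thread or from hping2: two defensive
 * measures for a raw-socket scanner that must parse replies from hosts it
 * does not trust. Names (parse_ipv4_header, drop_privileges, ipv4_hdr) and
 * the sample packets are constructed for this example. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1
#endif
#include <errno.h>
#include <grp.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#define IPV4_MIN_HDR 20u

enum parse_status { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_BAD_FIELD = -2 };

struct ipv4_hdr {
    uint8_t  protocol;
    uint16_t total_len;    /* value from the header, already checked <= len */
    uint32_t src, dst;     /* host byte order */
    size_t   payload_off;  /* where the transport header starts in pkt */
    size_t   payload_len;
};

/* Decode an IPv4 header from a captured reply, trusting nothing in it: every
 * length the sender controls is checked against the bytes actually received
 * before it is used as an offset. */
int parse_ipv4_header(const uint8_t *pkt, size_t len, struct ipv4_hdr *out)
{
    if (pkt == NULL || out == NULL || len < IPV4_MIN_HDR)
        return PARSE_TRUNCATED;
    if ((pkt[0] >> 4) != 4)
        return PARSE_BAD_FIELD;                   /* not IPv4 */
    size_t hdr_len = (size_t)(pkt[0] & 0x0f) * 4; /* IHL is sender-controlled */
    if (hdr_len < IPV4_MIN_HDR)
        return PARSE_BAD_FIELD;
    if (hdr_len > len)
        return PARSE_TRUNCATED;                   /* options claimed, not present */
    uint16_t total_len = (uint16_t)((pkt[2] << 8) | pkt[3]);
    if (total_len < hdr_len)
        return PARSE_BAD_FIELD;                   /* payload would end inside header */
    if (total_len > len)
        return PARSE_TRUNCATED;                   /* sender claims more than we got */
    out->protocol  = pkt[9];
    out->total_len = total_len;
    out->src = ((uint32_t)pkt[12] << 24) | ((uint32_t)pkt[13] << 16) |
               ((uint32_t)pkt[14] << 8) | pkt[15];
    out->dst = ((uint32_t)pkt[16] << 24) | ((uint32_t)pkt[17] << 16) |
               ((uint32_t)pkt[18] << 8) | pkt[19];
    out->payload_off = hdr_len;
    out->payload_len = total_len - hdr_len;
    return PARSE_OK;
}

/* Give up root for good once the raw socket exists. Order matters: clear the
 * supplementary groups and set the gid while still root, then set the uid;
 * finally prove that root cannot be regained. Returns 0 on success. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (uid != 0 && setuid(0) != -1) {            /* must fail, or nothing was dropped */
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* Constructed sample replies (not captured traffic). */
static const uint8_t sample_reply[] = {
    0x45, 0x00, 0x00, 0x1c, 0x12, 0x34, 0x40, 0x00, 0x40, 0x06, 0x00, 0x00,
    0x0a, 0x00, 0x00, 0x01, 0x0a, 0x00, 0x00, 0x02,   /* 10.0.0.1 -> 10.0.0.2, TCP */
    0xde, 0xad, 0xbe, 0xef, 0x00, 0x00, 0x00, 0x00    /* 8 payload bytes */
};
/* IHL says 15 words (60 bytes) but only 20 bytes arrived: a parser that trusts
 * IHL would read "options" past the end of the buffer. */
static const uint8_t sample_lying_ihl[] = {
    0x4f, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x00, 0x40, 0x01, 0x00, 0x00,
    0x0a, 0x00, 0x00, 0x01, 0x0a, 0x00, 0x00, 0x02
};

int main(void)
{
    struct ipv4_hdr h;
    int rc = parse_ipv4_header(sample_reply, sizeof sample_reply, &h);
    printf("good reply: rc=%d proto=%u payload=%zu bytes at offset %zu\n",
           rc, (unsigned)h.protocol, h.payload_len, h.payload_off);
    rc = parse_ipv4_header(sample_lying_ihl, sizeof sample_lying_ihl, &h);
    printf("lying IHL: rc=%d (rejected before any out-of-bounds read)\n", rc);
    /* In a scanner this call follows socket(AF_INET, SOCK_RAW, ...) and precedes
     * the receive loop; dropping to the current user here is a no-op. */
    printf("drop_privileges: %s\n",
           drop_privileges(getuid(), getgid()) == 0 ? "ok" : "failed");
    return 0;
}
```

In a real scanner the order is: open the raw socket (or datalink descriptor) as root, call drop_privileges() with an unprivileged uid/gid, and only then start reading and parsing replies, so that a parsing bug runs with the unprivileged user's rights rather than root's.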
