Vulnerability Development mailing list archives
Re: Remote exploitation of network scanners?
From: antirez <antirez () linuxcare com>
Date: Sun, 27 Aug 2000 02:48:26 +0200
On Fri, Aug 25, 2000 at 03:56:30PM +0800, Lincoln Yeoh wrote:
> Hi people!

Hi,

> I wonder if the many popular scanners out there are written securely - so that they themselves cannot be exploited.

About hping2 I think it's not secure, since I didn't perform a good security audit of the code I wrote; it's old code + new code + third-party code. _Maybe_, when parsing some incoming packet, an exploitable buffer overflow can occur. Anyway the development of hping2 will be more intense in the next months, and I'll consider the hping2 internal security one of the "stuff to fix".

> Hypothetical scenario: A scanner requiring remote input scans a targeted host, looking for replies. The targeted host replies with exceptional input causing the scanner to run arbitrary code (buffer overflow etc etc), probably with the privileges of the user running that scanner.

This is true, many scanners are programs that, running with root privileges, perform a lot of data parsing. About port-scanner-like software that needs root just to open raw sockets and to open descriptors for the datalink layer, setuid() can be a good solution.

> Note that I am not saying that the authors of such programs are writing poor quality code, far from it, but there is a danger that some users may be using them under inappropriate conditions for purposes they were not designed for. After all much of the code released is "for educational purposes only" ;).

In some contexts it's possible that a coder overestimates the value of security in this kind of software. Again, about hping2, I can say that since it was coded as a dirty hack in order to perform some tests, I don't pay attention to security: unfortunately some lines of the first hack are still in the latest distribution.

regards,
antirez

--
Salvatore Sanfilippo, Open Source Developer, Linuxcare Italia spa
+39.049.80 43 411 tel, +39.049.80 43 412 fax
antirez () linuxcare com, http://www.linuxcare.com/
Linuxcare. Support for the revolution.
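The setuid() approach antirez mentions, as an added example that is not from this thread or from hping2: open the raw socket while still root, then drop privileges permanently before any reply from the network is parsed. The function names and the uid/gid 65534 are assumptions made here, not anything from the post.

```c
/* Added example: open the raw socket first (needs root), then drop to an
 * unprivileged user BEFORE any reply from the network is parsed. */
#define _DEFAULT_SOURCE
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Open a raw ICMP socket; this is the only step that needs root. */
int open_raw_socket(void)
{
    return socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
}

/* Permanently drop to uid/gid. Order matters: supplementary groups,
 * then gid, then uid (once we are not root we can no longer change gid).
 * Returns 0 on success, -1 on any failure or if root can be regained. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* Verify the drop really is permanent: regaining root must fail. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

int main(void)
{
    int fd = open_raw_socket();          /* must happen while still root */
    if (fd < 0) { perror("socket(SOCK_RAW)"); return 1; }
    /* 65534 (nobody) is a constructed placeholder for the unprivileged account */
    if (drop_privileges(65534, 65534) != 0) { perror("drop_privileges"); return 1; }
    printf("fd %d open, now uid %d: reply parsing no longer runs as root\n",
           fd, (int)getuid());
    close(fd);
    return 0;
}
```

Run it as root to see the raw socket stay open after the drop; without root, open_raw_socket() fails with EPERM and the program exits before parsing anything.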