Re: CORE-Impact license bypass

[Bernhard Mueller <research () sec-consult com>]

Valdis.Kletnieks () vt edu wrote:
> On Tue, 27 Sep 2005 17:53:58 +0200, Bernhard Mueller said:
>
> And note also that "finding a hole" and "be talented enough to create an
> exploit" are *totally* distinct.  I found a rather nasty rootable hole in
> Sendmail a while back (read the release notes for 8.10.1 and the relevant
> manpages for the system linker - that gives enough info to figure out what the
> bug was). Never did create a working exploit for it - I fooled with it for an
> afternoon and only got as far as proving that if somebody were to spend more
> than an afternoon on it, they *could* produce a working exploit.

i agree with this. it's often much easier to find a bug than to exploit
it (see strange heap overflows and the like), and i also don't have the
time to spend days on disassembling and looking for attack vectors (and
i'm sure that other people will have more fun doing just that).
what i criticize is that *lots* of companies (at least here in my
vicinity) are selling cheap "vulnerability assessments" which actually
are nothing more than automated security scans. this leads to the
customer feeling safe when he's really wide open to attacks. often,
these people's networks can be rooted in no time.
sure, you don't have to be uber-31337 to do penetration tests (i'm
certainly not), but it should definitely go beyond the
"scan--+--google-for-exploit" approach.

regards,

-- 
_____________________________________________________

~  DI (FH) Bernhard Mueller
~  IT Security Consultant

~  SEC-Consult Unternehmensberatung GmbH
~  www.sec-consult.com

~  A-1080 Wien  Blindengasse 3
~  Tel:   +43/676/840301718
~  Fax:   +43/(0)1/4090307-590
______________________________________________________
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/