Nmap Development mailing list archives

Re: [NSE] detector/exploit for CVE-2009-3733 (VMWare Path Traversal)


From: Ron <ron () skullsecurity net>
Date: Mon, 15 Feb 2010 15:13:21 -0600

On Mon, 15 Feb 2010 12:47:12 -0800 Fyodor <fyodor () insecure org> wrote:
> I agree that it is an important script, and it is a tough call, but
> people who want a vuln assessment should really be doing "--script
> vuln".  Given that the script does a specialized web request and that
> the vast majority of web servers aren't vulnerable, I'd say we should
> take it out of default.  If the request was just getting "/", I'd
> argue for keeping it in since it is more likely to be in the cache (or
> to be used from the cache by other scripts during execution).
>
> One thing I thought about was that it could probably stay in default
> if it was converted to only run if VMWare was detected by version
> detection.  I imagine that the vulnerable servers have easily
> recognizable Server headers?  But on the other hand, there is a risk
> that the Server line might be stripped for some reason, so the script
> would be faster and more stealthy, but not quite as reliable.

What if we made it run by default if the server is VMWare, but not otherwise?

I'm not sure if that's possible to do, but it's an interesting thought.

For now, I'll make it just safe + vuln.

> I can see both advantages and disadvantages of keeping it separate, so
> I don't really have a preference between those two options.

All right. I prefer keeping it separate, so unless somebody has a strong objection I'd prefer to keep it separate.

-- 
Ron Bowes
http://www.skullsecurity.org
http://www.twitter.com/iagox86
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
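The gating idea discussed above (run the check only when Nmap's version detection already identified the service as VMware, and keep the script out of "default" by declaring it "safe" and "vuln") can be expressed in an NSE script's `categories` table and `portrule`. The skeleton below is an added illustration written for this archive page; it is not the script from the thread, not Nmap's own code, and it deliberately does not perform the CVE-2009-3733 request. The script name `http-vmware-version-gate`, the `force` script argument and the action body (which only fetches "/" and reports the Server header) are assumptions made for the example.

```lua
-- Added example, not part of the original thread or of Nmap.
-- Demonstrates gating an NSE script on version-detection results and
-- declaring categories so it runs under "--script vuln" but not by default.

local http = require "http"
local shortport = require "shortport"
local stdnse = require "stdnse"
local string = require "string"

description = [[
Example of a version-gated HTTP script: the portrule only fires when
Nmap's service detection (-sV) reported a VMware product on the port,
unless the hypothetical script argument http-vmware-version-gate.force=1
is given (assumed name, for hosts that strip the Server header).
]]

author = "Example for illustration only"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"

-- "safe" + "vuln" (no "default"): selected by --script vuln or by name,
-- not by a plain scan. This mirrors the decision taken in the thread.
categories = {"safe", "vuln"}

-- Returns true when version detection labelled the service as VMware.
-- port.version is filled in by -sV; without it product is nil.
local function looks_like_vmware(port)
  local product = port.version and port.version.product
  if not product then
    return false
  end
  return string.find(string.lower(product), "vmware", 1, true) ~= nil
end

portrule = function(host, port)
  -- Only HTTP-ish ports are candidates at all.
  if not shortport.http(host, port) then
    return false
  end
  -- Assumed script argument: lets an operator override the gate when the
  -- Server line was stripped and version detection could not see VMware.
  local force = stdnse.get_script_args("http-vmware-version-gate.force")
  if force then
    return true
  end
  return looks_like_vmware(port)
end

action = function(host, port)
  -- Fetch "/" only: this request is likely to be served from (or reused
  -- by) the HTTP cache shared with other scripts, as noted in the thread.
  local response = http.get(host, port, "/")
  if not response or not response.header then
    return nil
  end
  -- Header keys in the NSE http library are lower-cased.
  local server = response.header["server"] or "(no Server header)"
  local detected = port.version and port.version.product or "(none)"
  return string.format(
    "Version-detection product: %s; Server header on /: %s",
    detected, server)
end
```

Run it with `nmap -sV --script http-vmware-version-gate -p 80,443,8222,8333 <host>` after placing the file in the NSE scripts directory and running `nmap --script-updatedb`; without `-sV` the `port.version.product` field is empty and the portrule never fires, which is exactly the reliability trade-off the thread points out.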