Re: [nmap-svn] r24825 - nmap/scripts

[Henri Doreau <henri.doreau () greenbone net>]

2011/7/11  <commit-mailer () insecure org>:
> Author: djalal
> Date: Mon Jul 11 12:28:02 2011
> New Revision: 24825
>
> Log:
> o [NSE] Updated ftp-vsftpd-backdoor documentation since CVE-2011-2523 was just
>  assigned to this backdoor.
Nice.

As I told Djalal off list providing reference to the corresponding CVE
is important but I don't think that we should change the script name
into the format we use for other vulnerability scripts (that would be
ftp-vuln-cve2011-2523.nse) as the current name is consistent with the
unreal ircd backdoor detection script, and CVEs aren't always assigned
to such issues.
Maybe people would disagree with this?

>  Added a final 'exit' command to terminate the remote '/bin/sh', however I don't
>  think that this is necessary since the backdoor was very simple: it did not
>  fork(), and closing the stdin of the '/bin/sh' will terminate it.
Yes, my mistake. I forgot to mention it afterward but testing revealed
that actually the call to exit wasn't required. Doesn't hurt to have
it though.

Regards.

-- 
Henri Doreau |  Greenbone Networks GmbH  |  http://www.greenbone.net
Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/