Nmap Development mailing list archives
Re: [nmap-svn] r24825 - nmap/scripts
From: Henri Doreau <henri.doreau () greenbone net>
Date: Mon, 11 Jul 2011 21:36:53 +0200
2011/7/11 <commit-mailer () insecure org>:
> Author: djalal
> Date: Mon Jul 11 12:28:02 2011
> New Revision: 24825
>
> Log:
> o [NSE] Updated ftp-vsftpd-backdoor documentation since CVE-2011-2523 was
>   just assigned to this backdoor.

Nice. As I told Djalal off list, providing a reference to the corresponding CVE is important, but I don't think that we should change the script name into the format we use for other vulnerability scripts (that would be ftp-vuln-cve2011-2523.nse), as the current name is consistent with the unreal ircd backdoor detection script, and CVEs aren't always assigned to such issues. Maybe people would disagree with this?

> Added a final 'exit' command to terminate the remote '/bin/sh', however I
> don't think that this is necessary since the backdoor was very simple: it
> did not fork(), and closing the stdin of the '/bin/sh' will terminate it.

Yes, my mistake. I forgot to mention it afterward but testing revealed that actually the call to exit wasn't required. Doesn't hurt to have it though.

Regards.

--
Henri Doreau | Greenbone Networks GmbH | http://www.greenbone.net
Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/