Nmap Development mailing list archives
Djalal's Status Report - #11 of 17
From: Djalal Harouni <tixxdz () opendz org>
Date: Tue, 12 Jul 2011 03:30:06 +0100
Hi,

Accomplishments:

* Updated and improved the ftp-vsftpd-backdoor script, which checks for the recent vsFTPd backdoor (CVE-2011-2523).

* Have written the smtp-vuln-cve2011-1764 script, which checks for the Exim DKIM format string vulnerability (CVE-2011-1764). Currently the check will cause the child to segfault due to an invalid memory reference; however, memory corruption is also possible, and for exploitation I really don't know, I need to re-open GDB. The script was only tested against x86.

* Updated some scripts' categories, please check svn commit r24834.

* Analyzed the Zend Server Java Bridge Arbitrary Code Execution vulnerability, but I was not able to find a vulnerable version since Zend Server is not free software; I'll try to download a Windows version and see.

* Have done some research on vulnerability detection scripts:
  - Write an osvdb-vuln script or work on and commit Marc's vulscan script [1]
  - Write a script to check other sites for vulnerabilities and exploits: exploit-db.com, exploitsearch.net, etc.

Priorities:

* Test the Exim DKIM format string vulnerability script against x86_64 machines and submit it to nmap-dev.

* Discuss with my mentor and others the idea of a vulnerability detection script that will use a db like OSVDB or a web service like exploitsearch.net.

* Install and prepare a Windows guest in order to work on:
  - Zend Server Java Bridge Arbitrary Code Execution (OSVDB-71420).
  - Microsoft Print Spooler Service Impersonation (CVE-2010-2729).

* Continue work on my list of scripts.

[1] http://seclists.org/nmap-dev/2010/q2/726

--
tixxdz
http://opendz.org

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/