Nmap Development mailing list archives

Djalal's Status Report - #11 of 17


From: Djalal Harouni <tixxdz () opendz org>
Date: Tue, 12 Jul 2011 03:30:06 +0100

Hi,

Accomplishments:
* Updated and Improved the ftp-vsftpd-backdoor script, which checks for
  the recent vsFTPd backdoor (CVE-2011-2523).

* Have written the smtp-vuln-cve2011-1764 script, which checks for the
  Exim DKIM Format string vulnerability (CVE-2011-1764).
  Currently the check will cause the child to segfault due to an invalid
  memory reference, however memory corruption is also possible, and for
  exploitation I really don't know, I need to re-open GDB.
  The script was only tested against x86.

* Updated some scripts' categories, please check svn commit r24834.

* Analyzed the Zend Server Java Bridge Arbitrary Code Execution
  vulnerability, but I was not able to find a vulnerable version since the
  Zend Server is not free software; I'll try to download a Windows
  version and see.

* Have done some research on vulnerability detection scripts:
  - Write a osvdb-vuln script or work on and commit Marc's vulscan
    script [1]
  - Write a script to check other sites for vulnerabilities and exploits:
    exploit-db.com, exploitsearch.net, etc.


Priorities:
* Test the Exim DKIM Format String vulnerability script against x86_64
  machines and submit it to nmap-dev.

* Discuss with my mentor and others the idea of a vulnerability detection
  script that will use a db like OSVDB or a web service like:
  exploitsearch.net

* Install and prepare a Windows guest in order to work on the:
  - Zend Server Java Bridge Arbitrary Code Execution (OSVDB-71420).
  - Microsoft Print Spooler Service Impersonation (CVE-2010-2729).

* Continue work on my list of scripts.

[1] http://seclists.org/nmap-dev/2010/q2/726


-- 
tixxdz
http://opendz.org
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/