Vulnerability Development mailing list archives

Re: Remote exploitation of network scanners?


From: Oliver Friedrichs <ofriedrichs () SECURITYFOCUS COM>
Date: Fri, 25 Aug 2000 16:14:31 -0700

> I wonder if the many popular scanners out there are written
> securely - so that they themselves cannot be exploited.

Yes, this is definitely a very real threat.  During the
development and lifecycle of CyberCop Scanner/Ballista,
we routinely did audits of all scanner module code looking
for overflows, signed/unsigned problems, and protocol decode
problems.  The same kind of problems that exist in any client
side application can exist in a scanner, since that's
essentially what a scanner is.

I can say that we made a best-efforts attempt to prevent
these types of problems while we were at SNI/NAI, but it
really depends on the developers.

Being in the scanner industry, you routinely heard of potential
problems in either your own scanner, or a competitor's, but I
don't recall any that ever solidified.

Besides scanners, the same goes for IDS systems and network
sniffers.  With the amount of code in these applications,
you can bet these problems are there; the only thing saving them
is their closed-source nature - but IDA sort of solves that.

- Oliver


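The bug classes the message says such audits look for (overflows, signed/unsigned mistakes, protocol decode errors in a scanner's client-side parsing), as an added example that is not from the original post or from CyberCop Scanner: a constructed length-prefixed banner response, the signed-length mistake an audit would flag, and the hardened decoder that rejects a hostile or truncated length. The wire format, the function names and BANNER_MAX are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed wire format (an assumption, not any real scanner's protocol):
 * a 2-byte big-endian length, then that many bytes of banner text sent back
 * by the host being scanned. The host is untrusted input; the scanner is the
 * client that has to decode it safely. */
#define BANNER_MAX 64
#define BANNER_ERR (-1)

/* The audit finding: a signed/unsigned mix-up in the length handling.
 * A length of 0xFFFF from the wire becomes -1, slips past the upper-bound
 * check, and memcpy is handed (size_t)-1. Kept only to show the bug class;
 * it is never called on untrusted data. */
int decode_banner_unsafe(const uint8_t *pkt, size_t pktlen, char out[BANNER_MAX + 1]) {
    if (pktlen < 2) return BANNER_ERR;
    short len = (short)((pkt[0] << 8) | pkt[1]);   /* signed: 0xFFFF -> -1 */
    if (len > BANNER_MAX) return BANNER_ERR;        /* -1 passes this check */
    memcpy(out, pkt + 2, (size_t)len);              /* huge copy: memory corruption */
    out[len] = '\0';
    return len;
}

/* Hardened decode: unsigned length, checked against both the output buffer
 * and the bytes actually received, so an oversized or short claim is
 * rejected instead of reading past the packet or writing past the buffer. */
int decode_banner(const uint8_t *pkt, size_t pktlen, char out[BANNER_MAX + 1]) {
    if (pkt == NULL || out == NULL || pktlen < 2) return BANNER_ERR;
    size_t len = ((size_t)pkt[0] << 8) | pkt[1];    /* unsigned, 0..65535 */
    if (len > BANNER_MAX) return BANNER_ERR;        /* would overflow out[] */
    if (len > pktlen - 2) return BANNER_ERR;        /* claims more than was received */
    memcpy(out, pkt + 2, len);
    out[len] = '\0';
    return (int)len;
}

/* Builds a response packet in memory (claimed length may disagree with the
 * body on purpose) so the decoder can be exercised offline. */
size_t build_response(uint16_t claimed_len, const char *body, uint8_t *pkt, size_t cap) {
    size_t n = strlen(body);
    if (cap < 2 + n) return 0;
    pkt[0] = (uint8_t)(claimed_len >> 8);
    pkt[1] = (uint8_t)(claimed_len & 0xFF);
    memcpy(pkt + 2, body, n);
    return 2 + n;
}
```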