Vulnerability Development mailing list archives
Re: Remote exploitation of network scanners?
From: Renaud Deraison <deraison () CVS NESSUS ORG>
Date: Sat, 26 Aug 2000 22:05:43 +0200
On Fri, 25 Aug 2000, Lincoln Yeoh wrote:
> I wonder if the many popular scanners out there are written securely - so that they themselves cannot be exploited.

[...]

> Hypothetical scenario: A scanner requiring remote input scans a targeted host, looking for replies. The targeted host replies with exceptional input causing the scanner to run arbitrary code (buffer overflow etc etc), probably with the privileges of the user running that scanner.

In the case of Nessus, we developed our own scripting language to prevent this kind of issue from happening. Basically, there are no buffer overflows that can be done[1], and no command can be embedded in the answer of a malicious target (and even if someone really smart could make Nessus execute arbitrary NASL code, no harm could be done, see the NASL documentation & sources for details explaining why this is so).

-- Renaud

[1] by design anyway. Maybe there is a flaw we are not aware of. Find it and win a dedicated cd :)

--
Renaud Deraison
The Nessus Project
http://www.nessus.org
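
The scenario raised in this thread, handled defensively on the scanner side, as an added example that is not part of the original message and is not Nessus or NASL code: a C routine that treats a target's reply as untrusted bytes with an explicit length, bounds every write, and neutralizes control bytes before the banner reaches a terminal or report. The function name `copy_banner` and the sample replies are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Copy the first line of an untrusted service reply into dst.
 * Writes at most dst_len bytes including the NUL, relies on reply_len
 * rather than a terminator, and replaces bytes outside printable ASCII
 * with '.' so escape sequences from the target are not passed on.
 * Returns characters stored; *truncated is 1 if the line did not fit. */
size_t copy_banner(char *dst, size_t dst_len,
                   const unsigned char *reply, size_t reply_len,
                   int *truncated)
{
    size_t in = 0, out = 0;

    *truncated = 0;
    if (dst_len == 0)
        return 0;
    while (in < reply_len && reply[in] != '\r' && reply[in] != '\n') {
        if (out + 1 >= dst_len) {          /* keep one byte for the NUL */
            *truncated = 1;
            break;
        }
        unsigned char c = reply[in++];
        dst[out++] = (c >= 0x20 && c <= 0x7e) ? (char)c : '.';
    }
    dst[out] = '\0';
    return out;
}

int main(void)
{
    /* Constructed sample replies, not captured traffic. */
    static const unsigned char normal[] = "220 mail.example.test ESMTP\r\n";
    unsigned char hostile[4096];
    char banner[64];
    int cut;

    memset(hostile, 'A', sizeof hostile);  /* oversized, no line ending */
    hostile[3] = 0x1b;                     /* terminal escape byte */

    size_t n = copy_banner(banner, sizeof banner, normal, sizeof normal - 1, &cut);
    printf("%zu truncated=%d [%s]\n", n, cut, banner);
    n = copy_banner(banner, sizeof banner, hostile, sizeof hostile, &cut);
    printf("%zu truncated=%d [%s]\n", n, cut, banner);
    return 0;
}
```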