Vulnerability Development mailing list archives

Re: Remote exploitation of network scanners?


From: Renaud Deraison <deraison () CVS NESSUS ORG>
Date: Sat, 26 Aug 2000 22:05:43 +0200

On Fri, 25 Aug 2000, Lincoln Yeoh wrote:

> I wonder if the many popular scanners out there are written securely - so
> that they themselves cannot be exploited.
> [...]
> Hypothetical scenario:
> A scanner requiring remote input scans a targeted host, looking for replies.
> The targeted host replies with exceptional input causing the scanner to run
> arbitrary code (buffer overflow etc etc), probably with the privileges of
> the user running that scanner.

In the case of Nessus, we developed our own scripting language to prevent
this kind of issue from happening. Basically, there are no buffer
overflows that can be done[1], and no command can be embedded in the
answer of a malicious target (and even if someone really smart could make
Nessus execute arbitrary NASL code, no harm could be done, see the NASL
documentation & sources for details explaining why this is so).

                                -- Renaud


[1] by design anyway. Maybe there is a flaw we are not aware of. Find it
    and win a dedicated cd :)

--
Renaud Deraison
The Nessus Project
http://www.nessus.org
