Bugtraq mailing list archives
Re: ISS Internet Scanner Cannot be relied upon for conclusive
From: adam () HOMEPORT ORG (Adam Shostack)
Date: Wed, 10 Feb 1999 23:44:18 -0500
On Tue, Feb 09, 1999 at 10:06:16AM -0500, der Mouse wrote:
| >> [...] the old ioslogon bug [...ISS didn't find it...]
|
| > [...response from someone who writes as if on behalf of ISS's makers;
| > I can't recall whether mindspring.com is the ISS people or not...]

David is with ISS, I'm with Netect. I post from homeport because that's where I've been subscribed to bugtraq, and because these opinions are not those of my employer.

| If ISS claims to check for the ioslogon bug, but actually checks (by
| whatever means) for software versions known to have that bug, the claim
| is a lie. If you claim to check for the ioslogon bug, then that's what
| you should do: try to exploit it and see if it works. Who knows, maybe
| there's another vulnerable version out there, or perhaps some
| supposedly vulnerable versions don't happen to be vulnerable after all.

Unfortunately, it's not that simple in many cases. Let's look at majordomo's reply-to bug as an example. You send mail to majordomo, with a reply-to address in backticks. Majordomo helpfully runs the command for you. Simply doing this and seeing if it works is not easy; the command is queued through mail for running later. How long should a scanner wait for a response?

IOS is actually a cleaner case than many; if you have a Cisco, it's either vulnerable or not; the IOS version, if you can get it, tells you if the machine is vulnerable with a fair degree of reliability.

The alternative, which is to ask the admin to enter all their admin passwords so that the scanner can log in and check things precisely, makes the scanner host a very fat and attractive target.

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume