Nmap Development mailing list archives
Re: [NSE] detector/exploit for CVE-2009-3733 (VMWare Path Traversal)
From: Richard Miles <richard.k.miles () googlemail com>
Date: Thu, 4 Mar 2010 20:10:54 -0600
Has it been added to script db to get with update feature?

Also, this "--scrip vuln" fails here. I'm using nmap 5.

I also noticed that if I use the tag to check for all scripts some of them are missed. For example, the VNC auth bypass and default credentials are simply ignored or stop detecting vulnerable hosts. Is it a well-known problem? I'm using it together with -sC.

Thanks

On Wed, Feb 17, 2010 at 3:56 PM, Richard Miles <richard.k.miles () googlemail com> wrote:
Has it been added to script db to get with update feature?

Also, this "--scrip vuln" fails here. I'm using nmap 5.

I also noticed that if I use the tag to check for all scripts some of them are missed. For example, the VNC auth bypass and default credentials are simply ignored or stop detecting vulnerable hosts. Is it a well-known problem? I'm using it together with -sC.

Thanks

On Mon, Feb 15, 2010 at 4:51 PM, David Fifield <david () bamsoftware com> wrote:
On Mon, Feb 15, 2010 at 03:13:21PM -0600, Ron wrote:
On Mon, 15 Feb 2010 12:47:12 -0800 Fyodor <fyodor () insecure org> wrote:

I agree that it is an important script, and it is a tough call, but people who want a vuln assessment should really be doing "--script vuln". Given that the script does a specialized web request and that the vast majority of web servers aren't vulnerable, I'd say we should take it out of default. If the request was just getting "/", I'd argue for keeping it in since it is more likely to be in the cache (or to be used from the cache by other scripts during execution).

One thing I thought about was that it could probably stay in default if it was converted to only run if VMWare was detected by version detection. I imagine that the vulnerable servers have easily recognizable Server headers? But on the other hand, there is a risk that the Server line might be stripped for some reason, so the script would be faster and more stealthy, but not quite as reliable.

What if we made it run by default if the server is VMWare, but not otherwise? I'm not sure if that's possible to do, but it's an interesting thought. For now, I'll make it just safe + vuln.

I can see both advantages and disadvantages of keeping it separate, so I don't really have a preference between those two options.

All right. I prefer keeping it separate, so unless somebody has a strong objection I'd prefer to keep it separate.

All right, sounds good with "safe", "vuln" and keeping it separate.
David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/