OSEC

Subject: Re: Remote exploitation of network scanners?
From: antirez (antirez@LINUXCARE.COM)
Date: Sat Aug 26 2000 - 19:48:26 CDT


On Fri, Aug 25, 2000 at 03:56:30PM +0800, Lincoln Yeoh wrote:
> Hi people!

Hi,

> I wonder if the many popular scanners out there are written securely - so
> that they themselves cannot be exploited.

As for hping2, I think it's not secure, since I didn't perform a good security
audit of the code I wrote; it's old code + new code + third-party code.
_Maybe_ parsing some incoming packet can trigger an exploitable buffer
overflow. Anyway, the development of hping2 will be more intense in the
next months, and I'll consider hping2's internal security one of the
"stuff to fix".

> Hypothetical scenario:
> A scanner requiring remote input scans a targeted host, looking for replies.
> The targeted host replies with exceptional input causing the scanner to run
> arbitrary code (buffer overflow etc etc), probably with the privileges of
> the user running that scanner.

This is true: many scanners are programs that, running with root
privileges, perform a lot of data parsing. For port-scanner-like
software that needs root just to open raw sockets and to
open descriptors for the datalink layer, setuid() can be a good solution.

> Note that I am not saying that the authors of such programs are writing
> poor quality code, far from it, but there is a danger that some users may
> be using them under inappropriate conditions for purposes they were not
> designed for. After all much of the code released is "for educational
> purposes only" ;).

In some contexts it's possible that a coder overestimates the value of
security in this kind of software. Again, about hping2, I can say
that since it was coded as a dirty hack in order to perform some tests,
I didn't pay attention to security: unfortunately some lines of the
first hack are still in the latest distribution.

regards,
antirez

--
Salvatore Sanfilippo, Open Source Developer, Linuxcare Italia spa
+39.049.80 43 411 tel, +39.049.80 43 412 fax
antirez@linuxcare.com, http://www.linuxcare.com/
Linuxcare. Support for the revolution.
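The two points raised in the message above (a root-running scanner parsing hostile replies, and setuid() as the fix for tools that only need root to open a raw socket) in one worked example. This is added illustration code, not hping2's code or anything from the thread. It assumes Linux/BSD setuid() semantics (a call by root sets the real, effective and saved ids together), assumes uid/gid 65534 as the unprivileged "nobody" target, and uses a constructed 28-byte IPv4/ICMP packet with zeroed checksums as sample input. The ordering is the security-relevant part: open the privileged descriptor first, drop irrevocably, verify the drop, and only then touch untrusted bytes.

```c
/* Privilege-drop pattern for a raw-socket scanner, plus a bounds-checked
 * IPv4 header parser that runs only after the drop. Added example. */
#include <errno.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed sample: IPv4 header (20 bytes, proto 1 = ICMP, 192.168.1.1 ->
 * 192.168.1.2, total length 28) followed by 8 bytes of ICMP. Checksums are
 * left at zero; this is test input, not a captured packet. */
static const unsigned char SAMPLE_ICMP[28] = {
    0x45, 0x00, 0x00, 0x1c, 0x00, 0x01, 0x00, 0x00, 0x40, 0x01, 0x00, 0x00,
    0xc0, 0xa8, 0x01, 0x01, 0xc0, 0xa8, 0x01, 0x02,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01 };

/* Fields pulled out of an IPv4 header; addresses in host byte order. */
struct ipv4_hdr {
    unsigned ihl_bytes;    /* header length in bytes (IHL * 4) */
    unsigned total_length; /* IP total length field */
    unsigned protocol;
    uint32_t src, dst;
};

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Parse an IPv4 header from len bytes of untrusted input. Returns 0 on
 * success, -1 if the buffer is short or the header claims more than it holds:
 * every length the packet asserts about itself is checked against len first. */
int parse_ipv4(const unsigned char *buf, size_t len, struct ipv4_hdr *out)
{
    if (buf == NULL || out == NULL || len < 20) return -1;  /* min header */
    if ((buf[0] >> 4) != 4) return -1;                       /* not IPv4 */
    unsigned ihl = (buf[0] & 0x0f) * 4u;
    if (ihl < 20 || ihl > len) return -1;                    /* IHL must fit */
    unsigned total = ((unsigned)buf[2] << 8) | buf[3];
    if (total < ihl || total > len) return -1;               /* consistent */
    out->ihl_bytes = ihl;
    out->total_length = total;
    out->protocol = buf[9];
    out->src = be32(buf + 12);
    out->dst = be32(buf + 16);
    return 0;
}

/* Open the raw socket while still root. Returns the descriptor or -1. */
int open_raw_socket(void)
{
    return socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
}

/* Drop from root to uid/gid irrevocably. Returns 0 on success, -1 otherwise.
 * Order matters: supplementary groups, then gid, then uid, because once the
 * uid is unprivileged the group calls are no longer permitted. If the process
 * is not root there is nothing to drop. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() != 0 && getuid() != 0) return 0;
    if (setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    if (getuid() != uid || geteuid() != uid) return -1;
    return 0;
}

/* 1 if the process can no longer become root, 0 otherwise. A retained saved
 * uid of 0 would let setuid(0) succeed, so that call must fail with EPERM. */
int privileges_are_dropped(void)
{
    if (geteuid() == 0 || getuid() == 0) return 0;
    if (setuid(0) == 0) return 0;
    return errno == EPERM;
}

int main(void)
{
    int fd = -1;
    if (geteuid() == 0) {                /* privileged step first */
        fd = open_raw_socket();
        if (fd < 0) { perror("socket"); return 1; }
    }
    if (drop_privileges(65534, 65534) != 0) { perror("drop_privileges"); return 1; }
    if (!privileges_are_dropped()) { fputs("still privileged\n", stderr); return 1; }
    /* From here on, parsing of untrusted input runs without root. */
    struct ipv4_hdr h;
    if (parse_ipv4(SAMPLE_ICMP, sizeof SAMPLE_ICMP, &h) == 0)
        printf("proto %u, %u-byte header, total %u\n", h.protocol, h.ihl_bytes, h.total_length);
    if (fd >= 0) close(fd);
    return 0;
}
```

Run as root it opens the raw socket and then parses as uid 65534; run as an ordinary user it skips the socket and parses directly. Either way the parser is reached only after privileges_are_dropped() has confirmed there is no saved root uid to fall back to, which is the property a setuid()-based fix has to guarantee.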