>> [...] the old ioslogon bug [...ISS didn't find it...]

> [...response from someone who writes as if on behalf of ISS's makers;
> I can't recall whether mindspring.com is the ISS people or not...]

If ISS claims to check for the ioslogon bug, but actually checks (by whatever means) for software versions known to have that bug, the claim is a lie. If you claim to check for the ioslogon bug, then that's what you should do: try to exploit it and see if it works. Who knows, maybe there's another vulnerable version out there, or perhaps some supposedly vulnerable versions don't happen to be vulnerable after all.

I can't remember offhand what this bug does. If it's a "hang your router" sort of thing, you may want to have *two* tests, potentially independently controllable, "check for ioslogon bug (dangerous, may crash your router)" and "check for software versions known to have ioslogon bug (safe, requires SNMP)". But claiming to check for the bug when actually just checking the software version (via a means which can be disabled without closing the bug, no less) is like a spamfighter saying "your SMTP daemon claims to be an old Sun sendmail, therefore you're an open relay": it's checking for the wrong thing.

> OK, so maybe you can explain just exactly how we're supposed to find
> out whether it is vulnerable if it won't talk to us?

Surely this is a bit of a no-brainer - why not just try the exploit and see if it works? That's certainly what an attacker will do.

der Mouse

mouseat_private
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B