On Tue, Feb 09, 1999 at 10:06:16AM -0500, der Mouse wrote:
| >> [...] the old ioslogon bug [...ISS didn't find it...]
|
| > [...response from someone who writes as if on behalf of ISS's makers;
| > I can't recall whether mindspring.com is the ISS people or not...]

David is with ISS, I'm with Netect. I post from homeport because that's where I've been subscribed to bugtraq, and because these opinions are not those of my employer.

| If ISS claims to check for the ioslogon bug, but actually checks (by
| whatever means) for software versions known to have that bug, the claim
| is a lie. If you claim to check for the ioslogon bug, then that's what
| you should do: try to exploit it and see if it works. Who knows, maybe
| there's another vulnerable version out there, or perhaps some
| supposedly vulnerable versions don't happen to be vulnerable after all.

Unfortunately, it's not that simple in many cases. Let's look at majordomo's reply-to bug as an example. You send mail to majordomo with a reply-to address in backticks. Majordomo helpfully runs the command for you. Simply doing this and seeing if it works is not easy; the command is queued through mail for running later. How long should a scanner wait for a response?

IOS is actually a cleaner case than many; if you have a cisco, it's either vulnerable or not; the IOS version, if you can get it, tells you if the machine is vulnerable with a fair degree of reliability.

The alternative, which is to ask the admin to enter all their admin passwords so that the scanner can log in and check things precisely, makes the scanner host a very fat and attractive target.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once." -Hume
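The two scanner strategies Adam contrasts, as an added toy illustration that is not code from the original post or from any scanner product: a version-inference check (the IOS case) that can only ever report "inferred", and an active check (the majordomo reply-to case) that triggers the bug and waits for an out-of-band callback that may arrive after the scanner's timeout. The IOS version table, the banner strings, the delays and the `echo <token>` payload shape are all constructed for this example and are not real advisory data. The security-relevant design point is in `active_check`: when the callback does not arrive in time the result is "unknown", never "not vulnerable".

```python
"""Toy scanner: version inference versus an active test with a delayed,
out-of-band response. Added example; all data below is constructed."""
import queue
import re
import threading
import time
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    VULNERABLE_CONFIRMED = "vulnerable (confirmed by active test)"
    VULNERABLE_INFERRED = "vulnerable (inferred from version only)"
    NOT_VULNERABLE_INFERRED = "not vulnerable (inferred from version only)"
    UNKNOWN_NO_VERSION = "unknown (could not obtain a version)"
    UNKNOWN_TIMEOUT = "unknown (no callback before timeout)"


@dataclass
class Finding:
    check: str
    verdict: Verdict
    evidence: str


# ---- approach 1: version inference (the IOS case in the post) -----------
# Constructed table of (major, minor, maintenance) tuples treated as affected
# for this toy. Not real IOS advisory data.
AFFECTED_IOS = {(11, 2, 7), (11, 2, 8), (12, 0, 1)}
IOS_VERSION_RE = re.compile(r"Version (\d+)\.(\d+)\((\d+)\)")


def version_check(banner, affected=AFFECTED_IOS):
    """Classify a device from its version banner; never claims 'confirmed'."""
    m = IOS_VERSION_RE.search(banner)
    if m is None:
        return Finding("ios-version", Verdict.UNKNOWN_NO_VERSION, banner.strip()[:40])
    ver = tuple(int(x) for x in m.groups())
    verdict = Verdict.VULNERABLE_INFERRED if ver in affected else Verdict.NOT_VULNERABLE_INFERRED
    return Finding("ios-version", verdict, "version %d.%d(%d)" % ver)


# ---- approach 2: active test with a delayed out-of-band response ---------
def simulated_majordomo(delay, vulnerable, callback_queue):
    """Stand-in target: a mail queue that is processed `delay` seconds later.

    Returns a send(token) function. If `vulnerable`, the queue run evaluates
    the backticked Reply-To and 'calls back' by putting the token on the queue.
    """
    def send(token):
        # Payload shape is an assumption for this toy: the command merely
        # reports the token so the scanner can recognise its own probe.
        reply_to = "`echo %s`@example.invalid" % token

        def run_queue():
            time.sleep(delay)
            m = re.search(r"`echo (\S+)`", reply_to)
            if vulnerable and m:
                callback_queue.put(m.group(1))

        threading.Thread(target=run_queue, daemon=True).start()
    return send


def active_check(send, callback_queue, token, timeout):
    """Trigger the bug and wait up to `timeout` seconds for the callback.

    A missing callback means 'unknown', not 'not vulnerable': the mail queue
    may simply not have run yet.
    """
    send(token)
    deadline = time.monotonic() + timeout
    while True:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            return Finding("majordomo-replyto", Verdict.UNKNOWN_TIMEOUT,
                           "no callback within %.1fs" % timeout)
        try:
            got = callback_queue.get(timeout=remaining)
        except queue.Empty:
            continue
        if got == token:
            return Finding("majordomo-replyto", Verdict.VULNERABLE_CONFIRMED,
                           "callback carried token %s" % token)
        # A token from some other probe: ignore it and keep waiting.


def probe(delay, vulnerable, timeout, token="probe"):
    """Run one active check against a simulated target with its own queue."""
    q = queue.Queue()
    return active_check(simulated_majordomo(delay, vulnerable, q), q, token, timeout)


if __name__ == "__main__":
    print(version_check("Cisco IOS (tm) Software, Version 11.2(7), RELEASE SOFTWARE"))
    print(probe(delay=0.2, vulnerable=True, timeout=2.0))   # confirmed
    print(probe(delay=5.0, vulnerable=True, timeout=0.3))   # unknown, not "safe"
```

The third call is the case Adam raises: the target is vulnerable, but the queued command runs after the scanner gives up, so an honest scanner records a timeout rather than a clean bill of health, and a report should keep the "inferred" and "confirmed" verdicts visibly distinct.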
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:33:48 PDT