> -----Original Message----- > From: Casper Dik [SMTP:casperat_private] > Sent: Tuesday, February 09, 1999 2:03 PM > To: BUGTRAQat_private > Subject: Re: ISS Internet Scanner Cannot be relied upon for > conclusive Audits > > >Consider another interesting case - there are several sendmail exploits > >(circa 8.6) which require hardware and platform-specific eggs. We > >obviously would have a hard time actually implementing these, and it > would > >be very difficult to make it reliable - so we do a banner check. > > Why do you need an egg? Just stuffing down too much data down > sendmail's throat will make it crash. Connection closed - has bug. > > In fact this is precisely what CyberCop Scanner from NAI does when checking buffer overflows in sendmail and elsewhere. FYI there was recently a product review done on a 'head-to-head' basis between ISS's Scanner and CyberCop Scanner. It may be worth the read given this thread. http://www.infoworld.com/cgi-bin/displayTC.pl?/990208comp.htm
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:33:50 PDT