RE: MIT Magic cookie vulnerability automated checking?

From: Martin Jr., Wally G. (WALLY.G.MARTIN.JRat_private)
Date: Wed Oct 31 2001 - 09:46:44 PST


    Randy,
    
    Perhaps what they were referring to is dsniff
    (http://www.monkey.org/~dugsong/dsniff/)? Check out the readme at:
    http://www.monkey.org/~dugsong/dsniff/CHANGES
    
    Best,
    Wally
    
    -----Original Message-----
    From: Graham, Randy (RAW) [mailto:RAWat_private]
    Sent: Wednesday, October 31, 2001 9:55 AM
    To: PEN-TESTat_private
    Subject: MIT Magic cookie vulnerability automated checking?
    
    
    We've just gone through an audit here at work.  One of the results of the
    audit is we are now required to expand our scanning scope (we use ISS for
    our scanning).  Of course, because of this we are seeing a lot of potential
    vulnerabilities without an easy way to see if we are actually vulnerable or
    not.  The latest one we are dealing with is the X MIT-Magic-cookie problem
    (CIAC published the information on this on November 20, 1995, so it is an
    old one).  Any system using xauth for authentication shows this as a
    potential vulnerability, and ISS says to check we have to look for various
    patches by vendor, or certain releases of X.  Well, now management tells us
    we have to go ahead and check every one of these systems.  CIAC says there
    are tools for exploiting this, but I can't find one anywhere on
    SecurityFocus, PacketStorm, or through google searches.  We have been told
    to find a tool to actually check if a system is vulnerable or not (even
    though we don't have permission to run the tool on our network yet...) and
    run it against every machine on the network (you know, in case our scanner
    missed one).
    
    Is anyone familiar with such a tool?  I don't even care if it allows us to
    actually exploit the system, but I have to show management something that we
    can point at a system and get a yes/no to the question "Is this machine
    vulnerable to the MIT-Magic-cookie vulnerability?"
    
    Randy Graham
    -- 
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:
    https://alerts.securityfocus.com/
    



    This archive was generated by hypermail 2b30 : Wed Oct 31 2001 - 12:14:25 PST