Re: Plugin: port_shell_execution.nasl

From: Renaud Deraison (deraisonat_private)
Date: Tue Nov 06 2001 - 15:22:52 PST

Next message: Felix Huber: "New Script"

Previous message: Noam Rathaus: "Fw: Patches: smb_nt_ms00-36.nasl.patch;smb_nt_ms00-29.nasl.patch;smb_nt_ms00-47.nasl.patch;s"
In reply to: Noam Rathaus: "Plugin: port_shell_execution.nasl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Nov 06, 2001 at 08:24:31AM +0200, Noam Rathaus wrote:
> Hi,
> 
> This is a general plugin, it detects the usage of insecure redirection of input
> provided via the internet to a shell script. Though the plugin seems to be in
> right syntax, the plugin causes a crash?
> 
> I would be grateful if you people can help or Renaud.
> 

I'd replace all the "\n" by "\r\n".

Also, you should not look for "uid=0(root)" but just for "uid=0"
(as it's less prone to false negatives, even though in that case it may
be hard).

				-- Renaud

Next message: Felix Huber: "New Script"
Previous message: Noam Rathaus: "Fw: Patches: smb_nt_ms00-36.nasl.patch;smb_nt_ms00-29.nasl.patch;smb_nt_ms00-47.nasl.patch;s"
In reply to: Noam Rathaus: "Plugin: port_shell_execution.nasl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Nov 06 2001 - 15:23:22 PST