Auditing for RPC vulnerabilities? Use BASS
daemon@ATHENA.MIT.EDU (Liraz Siri)
Sat Sep 11 00:10:12 1999
Mail-Followup-To: BUGTRAQ@SECURITYFOCUS.COM
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id:  <19990909103828.A16712@metaverse.inter.net.il>
Date:         Thu, 9 Sep 1999 10:38:28 +0200
Reply-To: Liraz Siri <liraz@BIGFOOT.COM>
From: Liraz Siri <liraz@BIGFOOT.COM>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.LNX.4.04.9909012129170.1118-100000@shell.dhp.com>; from
              Fyodor on Wed, Sep 01, 1999 at 09:44:26PM -0400
On Wed, Sep 01, 1999 at 09:44:26PM -0400, Fyodor wrote:
> Further, it can be painful to locate and 'rpcinfo' every host on a
> large network.
BASS includes RPC support, and was designed with bulk in mind (it was
developed for the Internet Auditing Project). It will only take a few
minutes of trivial effort to update the scanner (I might just do it
myself). Besides being a bit out of date, it's well suited for the
task.
RPC support is based on portmapper however, so you won't fare well
if the network is behind a firewall.
You can grab it at:
http://www.securityfocus.com/data/tools/network/bass-1.0.7.tar.gz
BTW, unless you're running a Linux libc5 (our original development
system), you'll need to apply the bugfix patches posted on Bugtraq a
few weeks ago (Yes, a new version *is* in order).
Fyodor's nmap, especially with RPC support is really an excellent tool.
However, with nmap:
1) It may take a while to comprehensively scan a very large network.
2) It merely detects the presence of a service, and does not test for
   vulnerability (by attempting an overflow and evaluating the
   response, or the lack of one).
Cheers,
Liraz
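The post says BASS's RPC support "is based on portmapper", which is why it is blind when port 111 is filtered. The following is an added example, not code from the post, from BASS or from nmap, showing what that dependency looks like on the wire: it encodes a PMAPPROC_DUMP call (the request behind `rpcinfo -p`), decodes the reply, and lists the ports the portmapper advertises. The reply bytes are a constructed sample, not captured traffic; `KNOWN_PROGRAMS` is a short hand-written table of well-known program numbers; `dump_host` is a hypothetical helper for inventorying hosts you administer. The defensive point the decoder makes concrete: filtering 111 only hides the advertisement, the advertised services still listen on their own ports and need their own rules.

```python
import socket
import struct

# ONC RPC / portmapper constants (RFC 1831, RFC 1833).
PMAP_PROG = 100000
PMAP_VERS = 2
PMAPPROC_DUMP = 4
MSG_CALL, MSG_REPLY = 0, 1
MSG_ACCEPTED, SUCCESS = 0, 0
AUTH_NULL = 0
PROTO_NAMES = {6: "tcp", 17: "udp"}

# Hand-written table of a few well-known RPC program numbers (for display only).
KNOWN_PROGRAMS = {
    100000: "portmapper", 100003: "nfs", 100005: "mountd",
    100021: "nlockmgr", 100024: "status",
}


def build_dump_call(xid: int) -> bytes:
    """Encode a PMAPPROC_DUMP call for UDP (no record mark).

    Layout: xid, msg_type=CALL, rpcvers=2, prog, vers, proc, then AUTH_NULL
    credentials and verifier (flavor 0, length 0). DUMP carries no arguments.
    """
    return struct.pack(">10I", xid, MSG_CALL, 2, PMAP_PROG, PMAP_VERS,
                       PMAPPROC_DUMP, AUTH_NULL, 0, AUTH_NULL, 0)


def parse_dump_reply(xid: int, data: bytes) -> list:
    """Decode a DUMP reply into (prog, vers, proto, port) tuples.

    Raises ValueError if the xid does not match or the call was not accepted
    and successful, so a stray or forged datagram is not mistaken for data.
    """
    r_xid, msg_type, reply_stat = struct.unpack_from(">III", data, 0)
    if r_xid != xid or msg_type != MSG_REPLY or reply_stat != MSG_ACCEPTED:
        raise ValueError("not an accepted reply to our call")
    _flavor, verf_len = struct.unpack_from(">II", data, 12)
    off = 20 + ((verf_len + 3) & ~3)      # XDR pads opaque data to 4 bytes
    (accept_stat,) = struct.unpack_from(">I", data, off)
    off += 4
    if accept_stat != SUCCESS:
        raise ValueError(f"accept_stat {accept_stat}")
    mappings = []
    while True:                           # pmaplist: bool "more", then mapping
        (more,) = struct.unpack_from(">I", data, off)
        off += 4
        if not more:
            break
        prog, vers, prot, port = struct.unpack_from(">4I", data, off)
        off += 16
        mappings.append((prog, vers, PROTO_NAMES.get(prot, str(prot)), port))
    return mappings


def describe(mappings: list) -> list:
    """Human-readable lines, e.g. 'nfs v2 udp/2049'."""
    return [f"{KNOWN_PROGRAMS.get(p, p)} v{v} {proto}/{port}"
            for p, v, proto, port in mappings]


def listening_ports(mappings: list) -> list:
    """Distinct (proto, port) pairs advertised besides the portmapper itself.

    Blocking 111 at a firewall hides these from a portmapper-based scanner
    but does not close them; each still needs its own filter rule.
    """
    return sorted({(proto, port) for _, _, proto, port in mappings if port != 111})


def constructed_reply(xid: int) -> bytes:
    """A made-up DUMP reply (constructed sample, not captured traffic)."""
    entries = [(100000, 2, 6, 111), (100000, 2, 17, 111),
               (100005, 1, 17, 1027), (100003, 2, 17, 2049)]
    # xid, msg_type=REPLY, reply_stat=ACCEPTED, verf flavor, verf len, accept_stat
    body = struct.pack(">6I", xid, MSG_REPLY, MSG_ACCEPTED, AUTH_NULL, 0, SUCCESS)
    for entry in entries:
        body += struct.pack(">I", 1) + struct.pack(">4I", *entry)
    return body + struct.pack(">I", 0)    # end of list


def dump_host(host: str, timeout: float = 2.0) -> list:
    """Hypothetical helper: query the portmapper of a host you administer over UDP/111."""
    xid = 0x4241_5353
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_dump_call(xid), (host, 111))
        data, _ = s.recvfrom(65535)
    return parse_dump_reply(xid, data)


if __name__ == "__main__":
    sample = parse_dump_reply(0x1234, constructed_reply(0x1234))
    print("\n".join(describe(sample)))
    print("ports to filter individually:", listening_ports(sample))
```

Running the module decodes only the constructed sample; `dump_host` is there to show that the whole technique is one UDP datagram to port 111 and one reply, which is exactly what a border filter on 111 removes.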