[9494] in bugtraq
Re: ISS Internet Scanner Cannot be relied upon for conclusive Aud
daemon@ATHENA.MIT.EDU (Huger, Alfred)
Thu Feb 11 22:58:08 1999
Date: Thu, 11 Feb 1999 10:06:35 -0800
Reply-To: "Huger, Alfred" <Alfred_Huger@NAI.COM>
From: "Huger, Alfred" <Alfred_Huger@NAI.COM>
X-To: Casper Dik <casper@HOLLAND.SUN.COM>
To: BUGTRAQ@NETSPACE.ORG
> -----Original Message-----
> From: Casper Dik [SMTP:casper@HOLLAND.SUN.COM]
> Sent: Tuesday, February 09, 1999 2:03 PM
> To: BUGTRAQ@netspace.org
> Subject: Re: ISS Internet Scanner Cannot be relied upon for
> conclusive Audits
>
> >Consider another interesting case - there are several sendmail exploits
> >(circa 8.6) which require hardware and platform-specific eggs. We
> >obviously would have a hard time actually implementing these, and it would
> >be very difficult to make it reliable - so we do a banner check.
>
> Why do you need an egg? Just stuffing down too much data down
> sendmail's throat will make it crash. Connection closed - has bug.
>
>
In fact this is precisely what CyberCop Scanner from NAI does when
checking buffer overflows in sendmail and elsewhere. FYI there was recently
a product review done on a 'head-to-head' basis between ISS's Scanner and
CyberCop Scanner. It may be worth the read given this thread.
http://www.infoworld.com/cgi-bin/displayTC.pl?/990208comp.htm