Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Critical issues identified by Nessus

from [monali . shah] Network Security [Permanent Link]
Subject: Re: Critical issues identified by Nessus
Date: Thu, 17 Nov 2005 11:57:53 +0530 
Hi Josh,
        Thanks for the info. 
There is one more thing that I observed.
One of the processes of my application gets killed while the scan is 
happening, however the hole which I have mentioned below is seen in the 
report 
after almost 20 min. Does it mean that the process is actually killed by 
some other plugin and not this one ?

Under what circumstances can this hole be a false positive ?

unknown (6780/tcp) High 
It was possible to crash the remote service by flooding it with too much 
data.

An attacker may use this flaw to make this service crash continuously, 
preventing this service from working properly. It may also be possible
to exploit this flaw to execute arbitrary code on this host.


Solution : upgrade your software or contact your vendor and inform it of 
this 
vulnerability
Risk factor : High
 
Thanks in advance for your help

Regards,
Monali Navin Shah




Josh Zlatin-Amishav <josh@tkos.co.il> 
11/16/2005 02:25 PM

To
monali.shah@tcs.com
cc
Nessus@list.nessus.org
Subject
Re: Critical issues identified by Nessus






On Wed, 16 Nov 2005 monali.shah@tcs.com wrote:


What I would like to know over here is that :
a : Which pluggin actually identified these holes ?


It looks like the miscflood.nasl (plugin #10735). Depending on what your
report output type is, you can see which plugin identified which hole.


b : What is the kind of data that was pumped in to crash the port , i 

mean

is it some random data or some specific Packets which are being sent  ?


miscflood.nasl sends a string of 65535 X's 10 times to the open port and
then checks if the service that was listening is still responsive.

--
  - Josh

ForwardSourceID:NT00004382 


Notice: The information contained in this e-mail message and/or attachments to 
it may contain confidential or privileged information. If you are not the 
intended recipient, any dissemination, use, review, distribution, printing or 
copying of the information contained in this e-mail message and/or attachments 
to it are strictly prohibited. If you have received this communication in 
error, please notify us by reply e-mail or telephone and immediately and 
permanently delete the message and any attachments. Thank you


_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: nessus configuration, false positive and kb saving, Nicolas Pouvesle
Next by Date:  How to configure nessus to use nikto, Raz
Previous by Thread:  Re: Critical issues identified by Nessus, Josh Zlatin-Amishav
Next by Thread:  Re: Critical issues identified by Nessus, Josh Zlatin-Amishav
Indexes:  [Date] [Thread] [Top] [All Lists]