via : pyth0n3

In Debian Lenny vine instalata versiunea 4.69 de default
Dupa ce vine configurat serviciul rămîne vulnerabil la un atac remote
Ce se întîmplă în cîteva cuvinte.
Vine folosita o tehnica de overflow , nu e una clasica
Vine creat un header email foarte mare care reușește sa rescrie variabilele asociate la MAIL
FROM , așadar poate fi executat cod intrun mod mult mai eficace asupra sistemului operativ
Am incercat sa blochez exploit-ul folosind o opțiune în fișierul de configurare
log_selector = -rejected_header , oricum nu a ajutat la nimic
Trebuie facut update
In cazul in care vine compilata ultima versiune este vulnerabila la local privilege escalation
Exista update si pt asta
Daca vine instalat din sursa ar fi bine sa fie compilat cu optiunea ALT_CONFIG_ROOT_ONLY
Note: Diverse alte sisteme sunt vulnerabile

Book of the Month: NMAP COOKBOOK

Posted April 19th, 2010. Filed under DotCom

“NMAP COOKBOOK – The fat-free guide to network scanning” is the latest book on the world’s best network scanning tool, NMAP. It is the most popular tool with pathora of options which works on wide range of platforms including Windows & Linux.

NMAP is the most popular tool out there with so many options to fine tune the network scanning based on one’s needs. Often new comer and even experienced professionals find it difficult to use full features of NMAP when it comes to field work. In this direction, ‘NMAP Cookbook’ does a great job in conveying rich features of this great tool with its simplified and concise illustration.


In a nutshell, following topics have been covered,

* Installation on Windows, Mac OS X, Unix/Linux platforms
* Basic and advanced scanning techniques
* Network inventory and security auditing
* Firewall evasion techniques
* Zenmap – A graphical front-end for Nmap
* NSE – The Nmap Scripting Engine
* Ndiff – A Nmap scan comparison utility

In addition to explaining basic scanning techniques, it goes on describing other related stuffs such as firewall evasion methods, scripting engine of NMAP, using graphical version of NMAP tool etc. These things together make it great reference book for any security professional.

The book is written based on latest version of the tool, NMAP 5.0. All the scanning options are shown along with visual illustrations which helps in quick grasping of practical examples.

Overall, it stands out from other NMAP based books due to its simplistic and concise explanation which makes it very fast and easy to master the intrinsic technicalities of NMAP.

Source :

P.S Daca a gasit cineva .pdf vreau si eu un link.

Powered by HaxTor | CopyWrong © 2011