<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Nmap Development: Re: Running NMAP as a non root user - patch

Re: Running NMAP as a non root user - patch

From: <uzy_at_isecurelabs.com>
Date: Mon, 16 May 2005 12:15:37 +0200

Nmap offers several commandline parameters that allow to write to files or
to read from files. Using these flags, a user could be able to get sensitive
information from files he doesn't have the right to read.

He could also be able to overwrite essential files.

I haven't seen the patch file in the mail from Uri Gilad, can you send it
again with the file ? :)

Thanks

Pablo Fernández writes:

> I wonder how a chown root nmap; chmod +s nmap; installation would be a
> security risk (given that nmap doesn't have a large vulnerability
> records (that am I aware of)). Any comments on this?
>
> Best regards.
>

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Received on May 16 2005

This message: [ Message body ]
Next message: Richard Moore: "Re: Running NMAP as a non root user - patch"
Previous message: Pablo Fernández: "Re: Running NMAP as a non root user - patch"
In reply to: Pablo Fernández: "Re: Running NMAP as a non root user - patch"
Next in thread: Richard Moore: "Re: Running NMAP as a non root user - patch"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos