File: VULNINFO.md

Package: masscan 2:1.3.2+ds1-1 (Debian source package; area: main; in suites: bullseye, sid)
# Vulnerability Information and Policy

This document describes how robust this project is against attacks. It lists
known vulnerabilities that have been found in previous versions, and describes
the policies for how vulnerabilities are handled.

## Security contact

robert_david_graham@yahoo.com
@ErrataRob on Twitter


## Known vulnerabilities and advisories

none

## Bounty

I'm offering $100, payable in cash or Bitcoin, for security vulnerabilities.
This is primarily for remote vulnerabilities, such as the ability of a target
to buffer-overflow the scanner, or even cause it to crash.

But I'd consider other vulnerabilities as well. Does Kali ship this with suid
and there's a preload bug? That's not really a vuln in this code, but if it's
something I could fix, I'd consider paying a bounty for it.


## Disclosure policy

If you've got a vuln, just announce it. Please send the info to the contact
above as well.

I'll probably get around to fixing it within a month or so. This really isn't
heavily used software, so I'm lax on this.

## Threats

The primary threat is from hostile targets on the Internet sending back
responses in order to:
* exploit a buffer-overflow vulnerability
* spoof packets that try to inject fraudulent scan results (mitigated with our
  SYN cookies)
* flood packets that try to overload bandwidth or storage
* return bad data, such as corrupted banners or DNS names, that tries to
  exploit downstream consumers with embedded HTML or script tags.
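The SYN-cookie mitigation mentioned above works by deriving each probe's TCP sequence number from the connection tuple and a per-run secret, so a reply can be checked without storing any state per probe. The following is an added example, not masscan's own cookie code; the FNV-1a style mix, the constructed secret, and the addresses are assumptions made for the illustration. A spoofed reply from a host that was never probed, or one with a guessed ACK number, fails the check and is dropped before it can pollute the results.

```c
#include <stdint.h>
#include <stdio.h>

/* Per-run secret; a real scanner would draw this from a CSPRNG at start-up.
 * The value here is constructed for the example. */
static const uint64_t EXAMPLE_ENTROPY = 0x0123456789abcdefULL;

/* Fold one 64-bit value into an FNV-1a style running hash, byte by byte.
 * This keyed mix stands in for the scanner's own cookie hash (assumption). */
static uint64_t mix64(uint64_t h, uint64_t v)
{
    for (int i = 0; i < 8; i++) {
        h ^= (v >> (i * 8)) & 0xff;
        h *= 0x100000001b3ULL;
    }
    return h;
}

/* The SYN cookie: a sequence number derived from the 4-tuple and the secret,
 * so it can be recomputed on receipt instead of being stored per probe. */
uint32_t syn_cookie(uint32_t ip_them, uint16_t port_them,
                    uint32_t ip_me, uint16_t port_me, uint64_t entropy)
{
    uint64_t h = 0xcbf29ce484222325ULL;  /* FNV-1a offset basis */
    h = mix64(h, ip_them);
    h = mix64(h, port_them);
    h = mix64(h, ip_me);
    h = mix64(h, port_me);
    h = mix64(h, entropy);
    return (uint32_t)(h ^ (h >> 32));
}

/* Validate an incoming SYN-ACK: its ACK number must equal the cookie we
 * sent as SEQ, plus one. The source of the reply is the target ("them"),
 * the destination is us ("me"), so the tuple is recomputed in that order.
 * Returns 1 for a genuine reply, 0 for a spoofed or unsolicited one. */
int response_is_genuine(uint32_t src_ip, uint16_t src_port,
                        uint32_t dst_ip, uint16_t dst_port,
                        uint32_t ack_number, uint64_t entropy)
{
    uint32_t expected = syn_cookie(src_ip, src_port, dst_ip, dst_port, entropy) + 1;
    return ack_number == expected;
}

int main(void)
{
    /* Constructed addresses: target 10.0.0.1:80, scanner 192.168.0.1:40000. */
    uint32_t them = 0x0a000001, me = 0xc0a80001;
    uint16_t port_them = 80, port_me = 40000;
    uint32_t seq = syn_cookie(them, port_them, me, port_me, EXAMPLE_ENTROPY);

    printf("genuine reply accepted: %d\n",
           response_is_genuine(them, port_them, me, port_me, seq + 1, EXAMPLE_ENTROPY));
    printf("reply with guessed ACK rejected: %d\n",
           !response_is_genuine(them, port_them, me, port_me, 0x12345678, EXAMPLE_ENTROPY));
    printf("reply from a port we never probed rejected: %d\n",
           !response_is_genuine(them, 443, me, port_me, seq + 1, EXAMPLE_ENTROPY));
    return 0;
}
```

The check is stateless on the receiving side, which is what makes it cheap at scan rates where a per-probe table would not fit in memory; the strength of the defence rests entirely on the secret staying unknown to the targets.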

The secondary threat is from use of the program itself. For example, when a bad
parameter is entered on the command line, the program echoes it back in a
helpful error message. This is fine for a command-line program that
should run as `root` anyway, but if somebody turns it into a
scriptable service, this becomes a potential vulnerability.
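Both the "bad data" bullet above and the echoed-parameter case come down to the same rule: bytes received from a target or a caller must be escaped before they are written into a report, a web page, or a log line. The following is an added example, not masscan's own output code; the function name, the escaping scheme (HTML entities plus `\xNN` for non-printable bytes), and the sample banners are assumptions for the illustration. It also shows the truncation contract a fixed-size output buffer needs so that escaping itself cannot become the overflow.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Append a NUL-terminated piece at *pos, counting even when there is no
 * room so the caller learns the required length (snprintf-style). */
static void emit(char *out, size_t outlen, size_t *pos, const char *piece)
{
    for (; *piece; piece++) {
        if (*pos + 1 < outlen)  /* keep one byte for the terminating NUL */
            out[*pos] = *piece;
        (*pos)++;
    }
}

/* Escape an untrusted byte string (a banner, a DNS name, an echoed
 * command-line argument) before it goes into HTML/XML or a log:
 * '<' '>' '&' '"' become entities and any byte outside printable ASCII
 * becomes \xNN. Output is always NUL-terminated (truncated if outlen is
 * too small); the return value is the length the full escape needs. */
size_t sanitize_banner(const uint8_t *in, size_t inlen, char *out, size_t outlen)
{
    size_t pos = 0;
    for (size_t i = 0; i < inlen; i++) {
        uint8_t c = in[i];
        char piece[5];
        switch (c) {
        case '<':  emit(out, outlen, &pos, "&lt;");   break;
        case '>':  emit(out, outlen, &pos, "&gt;");   break;
        case '&':  emit(out, outlen, &pos, "&amp;");  break;
        case '"':  emit(out, outlen, &pos, "&quot;"); break;
        default:
            if (c >= 0x20 && c < 0x7f) {
                piece[0] = (char)c;
                piece[1] = '\0';
            } else {
                snprintf(piece, sizeof piece, "\\x%02x", c);
            }
            emit(out, outlen, &pos, piece);
        }
    }
    if (outlen > 0)
        out[pos < outlen ? pos : outlen - 1] = '\0';
    return pos;
}

/* Convenience wrapper for C strings, returning a static buffer. */
const char *sanitize_str(const char *s)
{
    static char buf[256];
    sanitize_banner((const uint8_t *)s, strlen(s), buf, sizeof buf);
    return buf;
}

/* Demonstrates the truncation contract on a deliberately small buffer:
 * returns 1 if the output stayed NUL-terminated and within bounds and the
 * required length was reported correctly. */
int truncation_is_safe(void)
{
    const uint8_t banner[] = "220 <b>\x1b";   /* constructed, 8 bytes */
    char small[5];
    size_t need = sanitize_banner(banner, 8, small, sizeof small);
    return need == 17 && strcmp(small, "220 ") == 0;
}

int main(void)
{
    /* Constructed banner carrying a script tag, as a hostile target might send. */
    printf("%s\n", sanitize_str("SSH-2.0-OpenSSH <script>alert(1)</script>"));
    printf("truncation safe: %d\n", truncation_is_safe());
    return 0;
}
```

Escaping at the output boundary rather than at receive time keeps the raw banner available for the scanner's own matching while guaranteeing that whatever reaches a downstream consumer is inert.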

## Safe code policy

Unsafe functions like `strcpy()` are banned.

The code contains an automated regression test, run with the
`--regress` option. However, the regression test currently covers only
a small percentage of the code.