Network Security Assessment
by Chris McNab

This errata page lists errors outstanding in the most recent printing.

If you have technical questions or error reports, you can send them to booktech@oreilly.com. Please specify the printing date of your copy.

This page was updated November 12, 2004.

Here's a key to the markup:
    [page-number]: serious technical mistake
    {page-number}: minor technical mistake
    : important language/formatting problem
    (page-number): language change or minor formatting problem
    ?page-number?: reader question or request for clarification

Confirmed errors:

(4) Figure 1-1, Penetration Testing;
    "Wide scope 'no holds barred' approach involving multiple attack vendors..."
  should read:
    "...involving multiple attack vectors..."

(8) Figure 1-2;
  The description in the "Brute Force Password Grinding" box:
    Using multipe vectors...
  should read:
    Using multiple vectors...

{79} Table 5-1 should include the following two entries:
    ZXFR denial-of-service                  CVE-2000-0887  8.2-8.2.2 patch level 6
    Large TTL negative cache poisoning bug  CVE-2003-0914  8.3-8.3.7 and 8.4-8.4.3

(171) 2nd paragraph example;
    "chrismail.trustmatta.com"
  should be
    "chris mail.trustmatta.com"

[172] notes;
    It is very easy to get from user/bin to user/root under Unix-based systems
  should be:
    It is very easy to get from bin privilege to root privilege under Unix-based systems

[174] 1st paragraph;
  X Consortium was closed in 1996. X is currently maintained by X.org foundation.
  see http://en.wikipedia.org/wiki/X_Window_System#The_X_Consortium

(198) 2nd paragraph;
    heck the MITRE CVE and ...
  Should be
    check the MITRE CVE and ...

{202} Microsoft SQL Server;
    "The service listens on UDP port 1434 and returns the IP address and port number"
  should read:
    "The service listens on UDP port 1434 and returns the server name and port number"

(207) fig 8-7 and paragraph above
    VSNUM
  should be:
    VSNNUM
  (also the index page 370 needs to be corrected too)

(210) table 8-5, 3rd entry in the "note" column;
    Oracle 8i and 9iVersion 8.1.7 and 9.0.1 and prior) TNS Listener...
  should be:
    Oracle 8i and 9i(Version 8.1.7 and 9.0.1 and prior) TNS Listener...

(255) Table 10-3;
  the "ISS XFID ... Notes" table heading should have a dark grey shaded background

(275) 1st paragraph;
    Due to the number of different RPC services, associated prognum values, ...
  should be:
    Due to the number of different RPC services, associated program values, ...

{275} Table 12-1 is missing a bug in yppasswd, and currently reads:
    100009  yppasswd  Yes  No  No  No  CVE-2001-0779
  should read:
    100009  yppasswd  Yes  No  Yes  No  CVE-2001-0779 CVE-2002-0357

{275} Table 12-1 is missing three bugs in ttdbserverd, and currently reads:
    100083  ttdbserverd  Yes  No  Yes  Yes  CVE-2001-0717
  should read:
    100083  ttdbserverd  Yes  No  Yes  Yes  CVE-1999-0003 CVE-2001-0717 CVE-2002-0677 CVE-2002-0679

{307} The '\xoa' text at the top of Figure 13-16 should be '\x0a'

{350} The rsync service (port 873) is also susceptible to CAN-2003-0962, so should read
    "see CVE-2002-0048 and CAN-2003-0962"

{351} "2401 cvspserver Unix CVS service, vulnerable to a number of attacks"
  should read:
    "2401 cvspserver Unix CVS service, vulnerable to a number of attacks; see CVE-2003-0015"

{351} The rwhois service on TCP port 4321 is also susceptible to CVE-2001-0838, so should read
    "see CVE-2001-0838 and CVE-2001-0913"

{352} The following should be added to Table A-2:
    5135  objectserver  IRIX ObjectServer service, can be used to add user accounts on IRIX 6.2 and prior; see CVE-2000-0245