Errata




The errata list is a list of errors and their corrections that were found after the product was released. If the error was corrected in a later version or reprint, the date of the correction is displayed in the column titled "Corrected".

The following errata were submitted by our customers and approved as valid errors by the author or editor.





Version Location Description Submitted By Corrected
Printed Page 4
Figure 1-1, Penetration Testing

"Wide scope 'no holds barred' approach involving multiple attack vendors..."
should read:
"...involving multiple attack vectors..."

Anonymous 
Printed Page 4
Figure 1-1

"Network Security Assessment
Automated network scanning and
report generation, useful to test
networks from opportunistic attack"

NOW READS:
"Network Security Assessment
Effective assessment of Internet-
based risks using automated tools
and qualification by hand"

Anonymous  Aug 2004
Printed Page 8
Figure 1-2

The description in the "Brute Force Password Grinding" box:
Using multipe vectors...
should read:
Using multiple vectors...

Anonymous 
Printed Page 8
Figure 1-2

"Accessible TOP and UDP network services"

NOW READS:
"Accessible TCP and UDP network services"

Anonymous  Aug 2004
Printed Page 8
Figure 1-2

The arrow going down from 'Network Enumeration' to 'New domain names and IP
addresses' HAS BEEN REVERSED and now points upward.

Anonymous  Aug 2004
Printed Page 14

http://www.microsoft.com/ntserver/nts/downloads/recommended/netkit/default.asp

NOW READS:
http://www.microsoft.com/ntserver/nts/downloads/recommended/ntkit/default.asp

AND
http://www.netxeyes.org/smbcrack.exe

NOW READS:
http://www.netxeyes.org/SMBCrack.exe

Anonymous  May 2004
Printed Page 46

"Using half-open SYN flags to probe a target is known as an inverted technique because ... "

NOW READS:
"Using malformed TCP flags to probe a target is known as an inverted technique because ... "

Anonymous  May 2004
Printed Page 49

http://www.eaglenet.org/antirez/hping2.html

NOW READS:
http://www.hping.org

Anonymous  May 2004
Printed Page 66
first paragraph

"If some ports don't respond, but others respond with
RST/ACK, the unresponsive ports are considered unfiltered"

NOW READS:
"If some ports don't respond, but others respond with
RST/ACK, the responsive ports are considered unfiltered"

Anonymous  Aug 2004
Printed Page 79

Table 5-1 should include the following two entries:

ZXFR denial-of-service CVE-2000-0887 8.2-8.2.2 patch level 6

Large TTL negative cache poisoning bug CVE-2003-0914 8.3-8.3.7 and 8.4-8.4.3

Anonymous 
Printed Page 87

snmpwalk -c public 192.168.0.1

NOW READS:
snmpwalk -c private 192.168.0.1

Anonymous  May 2004
Printed Page 87
Example 5-14

"snmpwalk -c public 192.168.0.1"

NOW READS:
"snmpwalk -c private 192.168.0.1"

Anonymous  Aug 2004
Printed Page 91

http://www.xfocus.net/exploits

NOW READS:
http://examples.oreilly.com/9780596006112/tools/bf_ldap.tar.gz

Anonymous  May 2004
Printed Page 111
OpenSSL

"HEAD / HTTP/1.0" NOW APPEARS in bold.

Anonymous  Aug 2004
Printed Page 121
Unicode revisited

http://www.example.org/scripts/..%255c../winnt/system32/cmd.exe/?/c+dir

NOW READS:
http://www.example.org/scripts/..%255c../winnt/system32/cmd.exe?/c+dir

Anonymous  Aug 2004
Printed Page 122
Example 6-14

"ispc 192.168.189.10/scripts/idq.dll" NOW APPEARS in bold.

Anonymous  Aug 2004
Printed Page 122

The following sentence HAS BEEN ADDED to the end of the first paragraph, so that it NOW READS:
" ... The iisoop.dll source code is available for analysis at
http://www.w00w00.org/files/iisoop.tgz. The bug reference is CVE-2002-0869
and MS02-062."

Anonymous  Aug 2004
Printed Page 138
About 1/3 down page, the two URLs

http://www.securityfocus.com/archive/75/295545/2003-09-07/2003-09-13/1
http://www.securityfocus.com/archive/75/337304/2003-09-11/2003-09-17/1

NOW READ:
http://www.securityfocus.com/archive/75/295545
http://www.securityfocus.com/archive/75/337304

Anonymous  Aug 2004
Printed Page 150
xp_cmdshell; the following code

"/price.asp?ProductID=12984';EXEC%20master..xp_cmdshell'ping.exe
%20212.123.86.4"

HAS BEEN REFORMATTED so that it NOW APPEARS:
"/price.asp?ProductID=12984';EXEC%20master..xp_cmdshell'ping.exe%20212.123.86.4"

Anonymous  Aug 2004
Printed Page 151
within the first code example at the top of the page

'net users' NOW READS 'net%20users'

Anonymous  Aug 2004
Printed Page 162
Table 7-1

"OpenSSH 3.7.1 contains buffer management errors"

NOW READS:
"OpenSSH 3.7 and prior contains buffer management errors"

Anonymous  Aug 2004
Printed Page 167
4th line from the bottom

"Running 7350logoout from a Linux platform"

NOW READS:
"Running 7350logout from a Linux platform".

Anonymous  Aug 2004
Printed Page 171
2nd paragraph example

"chrismail.trustmatta.com" should be "chris mail.trustmatta.com"

Anonymous 
Printed Page 172
notes

It is very easy to get from user/bin to user/root under Unix-based systems
should be:
It is very easy to get from bin privilege to root privilege under Unix-based systems

Anonymous 
Printed Page 174
1st paragraph

X Consortium was closed in 1996. X is currently maintained by X.org foundation.

see http://en.wikipedia.org/wiki/X_Window_System#The_X_Consortium

Anonymous 
Printed Page 197
Final paragraph

"although this may be difficult to exploit under Solaris."

NOW READS:
"although this may be difficult to exploit."

Anonymous  Aug 2004
Printed Page 198
2nd paragraph

heck the MITRE CVE and ...
Should be
check the MITRE CVE and ...

Anonymous 
Printed Page 202
Microsoft SQL Server

"The service listens on UDP port 1434 and returns the IP address and port number"
should read:
"The service listens on UDP port 1434 and returns the server name and port number"

Anonymous 
Printed Page 202

http://www.sqlsecurity.com/uploads/sqlping.zip

NOW READS:
http://examples.oreilly.com/9780596006112/tools/sqlping.zip

Anonymous  May 2004
Printed Page 204

http://www.sqlsecurity.com/uploads/forcesql.zip
and
http://www.sqlsecurity.com/uploads/sqlbf.zip

NOW READ:
http://examples.oreilly.com/9780596006112/tools/forcesql.zip
and
http://examples.oreilly.com/9780596006112/tools/sqlbf.zip

Anonymous  May 2004
Printed Page 207
fig 8-7 and paragraph above

VSNUM should be: VSNNUM
(also the index page 370 needs to be corrected too)

Anonymous 
Printed Page 210
table 8-5, 3rd entry in the "note" column

Oracle 8i and 9iVersion 8.1.7 and 9.0.1 and prior) TNS Listener...
should be:
Oracle 8i and 9i(Version 8.1.7 and 9.0.1 and prior) TNS Listener...

Anonymous 
Printed Page 213
Penultimate paragraph

" , which relates to a remote vulnerability in MySQL 3.23.56 ..."

NOW READS:
" , which relates to a post-authentication vulnerability in MySQL 3.23.56
..."

Anonymous  Aug 2004
Printed Page 215
Microsoft Windows Networking Services

The list of ports (including loc-srv, netbios-ns, microsoft-ds, etc.) NOW READS:

loc-srv 135/tcp
...
netbios-ssn 139/tcp
microsoft-ds 445/tcp
microsoft-ds 445/udp

Anonymous  Aug 2004
Printed Page 219
rpcdump and ifids, final line

"ncacn_http (RPC over HTTP on TCP port 80 or 593)"

NOW READS:
"ncacn_http (RPC over HTTP on TCP port 80, 593, or others)"

{222, 227, and in the index}
"Uriel" NOW READS "Urity"

Anonymous  Aug 2004
Printed Page 223
Gleaning User Details via SAMR and LSARPC Interfaces, first paragraph

" .. if the SAMR or LSARPC interfaces are accessible."

NOW READS:
" .. if the SAMR RPC interface is accessible."

Anonymous  Aug 2004
Printed Page 232
penultimate paragraph

"An attack can run SMBRelay or LC4 ..."

NOW READS:
"An attack can run SMBRelay or LC5 ..."

Anonymous  Aug 2004
Printed Page 234

http://ntsecurity.nu/toolbox/winfo.exe

NOW READS:
http://ntsecurity.nu/downloads/winfo

Anonymous  May 2004
Printed Page 241
second paragraph, below Example 9-19

The four instances of "LC4" HAVE BEEN CHANGED to "LC5".

Anonymous  Aug 2004
Printed Page 252

Table 10-1 NOW INCLUDES CVE-2002-0906, as follows:

CVE-2002-0906 28/06/2002 Sendmail 8.12.4 and prior can be compromised if running in a non-default configuration, by an attacker using an authoritative DNS server to provide a malformed TXT record to the mail server upon connecting.

Anonymous  Aug 2004
Printed Page 255
Table 10-3

the "ISS XFID ... Notes" table heading should have a dark grey shaded background

Anonymous 
Printed Page 268

(RDP running on TCP port 259)

NOW READS:
(RDP running on UDP port 259)

Anonymous  May 2004
Printed Page 275
1st paragraph

Due to the number of different RPC services, associated prognum values, ...
should be:
Due to the number of different RPC services, associated program values, ...

Anonymous 
Printed Page 275

Table 12-1 is missing a bug in yppasswd, and currently reads:

100009 yppasswd Yes No No No CVE-2001-0779

should read:

100009 yppasswd Yes No Yes No CVE-2001-0779
CVE-2002-0357

Anonymous 
Printed Page 275

Table 12-1 is missing three bugs in ttdbserverd, and currently reads:

100083 ttdbserverd Yes No Yes Yes CVE-2001-0717

should read:

100083 ttdbserverd Yes No Yes Yes CVE-1999-0003
CVE-2001-0717
CVE-2002-0677
CVE-2002-0679

Anonymous 
Printed Page 307

The 'xoa' text at the top of Figure 13-16 should be 'x0a'

Anonymous 
Printed Page 312
Figure 13-17

"Pointer to formal string"

NOW READS:
"Pointer to format string"

Anonymous  Aug 2004
Printed Page 313
Figure 13-18

"Pointer to formal string"

NOW READS:
"Pointer to format string"

Anonymous  Aug 2004
Printed Page 327
Example 14-7

"25/tcp open smtp"

NOW READS:
"23/tcp open telnet"

Anonymous  Aug 2004
Printed Page 350

The rsync service (port 873) is also susceptible to CAN-2003-0962, so
should read "see CVE-2002-0048 and CAN-2003-0962"

Anonymous 
Printed Page 351

"2401 cvspserver Unix CVS service, vulnerable to a number of attacks"

should read:

"2401 cvspserver Unix CVS service, vulnerable to a number of attacks;
see CVE-2003-0015"

Anonymous 
Printed Page 351

The rwhois service on TCP port 4321 is also susceptible to CVE-2001-0838, so
should read "see CVE-2001-0838 and CVE-2001-0913"

Anonymous 
Printed Page 352

The following should be added to Table A-2:

5135 objectserver IRIX ObjectServer service, can be used to add user accounts on IRIX 6.2 and prior; see CVE-2000-0245

Anonymous