The errata list is a list of errors and their corrections that were found after the product was released. If the error was corrected in a later version or reprint, the date of the correction will be displayed in the column titled "Date Corrected".
The following errata were submitted by our customers and approved as valid errors by the author or editor.
Version |
Location |
Description |
Submitted By |
Date Submitted |
Date Corrected |
Printed |
Page 4
Figure 1-1, Penetration Testing |
"Wide scope 'no holds barred' approach involving multiple attack vendors..."
should read:
"...involving multiple attack vectors..."
|
Anonymous |
|
|
Printed |
Page 4
Figure 1-1 |
"Network Security Assessment
Automated network scanning and
report generation, useful to test
networks from opportunistic attack"
NOW READS:
"Network Security Assessment
Effective assessment of Internet-
based risks using automated tools
and qualification by hand"
|
Anonymous |
|
Aug 01, 2004 |
Printed |
Page 8
Figure 1-2 |
The description in the "Brute Force Password Grinding" box:
Using multipe vectors...
should read:
Using multiple vectors...
|
Anonymous |
|
|
Printed |
Page 8
Figure 1-2 |
"Accessible TOP and UDP network services"
NOW READS:
"Accessible TCP and UDP network services"
|
Anonymous |
|
Aug 01, 2004 |
Printed |
Page 8
Figure 1-2 |
The arrow going down from 'Network Enumeration' to 'New domain names and IP
addresses' HAS BEEN REVERSED and now points upward.
|
Anonymous |
|
Aug 01, 2004 |
Printed |
Page 14
|
http://www.microsoft.com/ntserver/nts/downloads/recommended/netkit/default.asp
NOW READS:
http://www.microsoft.com/ntserver/nts/downloads/recommended/ntkit/default.asp
AND
http://www.netxeyes.org/smbcrack.exe
NOW READS:
http://www.netxeyes.org/SMBCrack.exe
|
Anonymous |
|
May 01, 2004 |
Printed |
Page 46
|
"Using half-open SYN flags to probe a target is known as an inverted technique because ... "
NOW READS:
"Using malformed TCP flags to probe a target is known as an inverted technique because ... "
|
Anonymous |
|
May 01, 2004 |
Printed |
Page 49
|
http://www.eaglenet.org/antirez/hping2.html
NOW READS:
http://www.hping.org
|
Anonymous |
|
May 01, 2004 |
Printed |
Page 66
first paragraph |
"If some ports don't respond, but others respond with
RST/ACK, the unresponsive ports are considered unfiltered"
NOW READS:
"If some ports don't respond, but others respond with
RST/ACK, the responsive ports are considered unfiltered"
|
Anonymous |
|
Aug 01, 2004 |
Printed |
Page 79
|
Table 5-1 should include the following two entries:
ZXFR denial-of-service                    CVE-2000-0887    8.2-8.2.2 patch level 6
Large TTL negative cache poisoning bug    CVE-2003-0914    8.3-8.3.7 and 8.4-8.4.3
|
Anonymous |
|
|
Printed |
Page 87
|
snmpwalk -c public 192.168.0.1
NOW READS:
snmpwalk -c private 192.168.0.1
|
Anonymous |
|
May 01, 2004 |
Printed |
Page 87
Example 5-14 |
"snmpwalk -c public 192.168.0.1"
NOW READS:
"snmpwalk -c private 192.168.0.1"
|
Anonymous |
|
Aug 01, 2004 |
Printed |
Page 91
|
http://www.xfocus.net/exploits
NOW READS:
http://examples.oreilly.com/9780596006112/tools/bf_ldap.tar.gz
|
Anonymous |
|
May 01, 2004 |
Printed |
Page 111
OpenSSL |
"HEAD / HTTP/1.0" NOW APPEARS in bold.
|
Anonymous |
|
Aug 01, 2004 |
Printed |
Page 121
Unicode revisited |
http://www.example.org/scripts/..%255c../winnt/system32/cmd.exe/?/c+dir
NOW READS:
http://www.example.org/scripts/..%255c../winnt/system32/cmd.exe?/c+dir
|
Anonymous |
|
Aug 01, 2004 |
Printed |
Page 122
Example 6-14 |
"ispc 192.168.189.10/scripts/idq.dll" NOW APPEARS in bold.
|
Anonymous |
|
Aug 01, 2004 |
Printed |
Page 122
|
The following sentence HAS BEEN ADDED to the end of the first paragraph, so that it NOW READS:
" ... The iisoop.dll source code is available for analysis at
http://www.w00w00.org/files/iisoop.tgz. The bug reference is CVE-2002-0869
and MS02-062."
|
Anonymous |
|
Aug 01, 2004 |
Printed |
Page 138
About 1/3 down page, the two URLs |
http://www.securityfocus.com/archive/75/295545/2003-09-07/2003-09-13/1
http://www.securityfocus.com/archive/75/337304/2003-09-11/2003-09-17/1
NOW READ:
http://www.securityfocus.com/archive/75/295545
http://www.securityfocus.com/archive/75/337304
|
Anonymous |
|
Aug 01, 2004 |
Printed |
Page 150
xp_cmdshell; the following code |
"/price.asp?ProductID=12984';EXEC%20master..xp_cmdshell'ping.exe
%20212.123.86.4"
HAS BEEN REFORMATTED so that it NOW APPEARS:
"/price.asp?ProductID=12984';EXEC%20master..xp_cmdshell'ping.exe%20212.123.86.4"
|
Anonymous |
|
Aug 01, 2004 |
Printed |
Page 151
within the first code example at the top of the page |
'net users' NOW READS 'net%20users'
|
Anonymous |
|
Aug 01, 2004 |
Printed |
Page 162
Table 7-1 |
"OpenSSH 3.7.1 contains buffer management errors"
NOW READS:
"OpenSSH 3.7 and prior contains buffer management errors"
|
Anonymous |
|
Aug 01, 2004 |
Printed |
Page 167
4th line from the bottom |
"Running 7350logoout from a Linux platform"
NOW READS:
"Running 7350logout from a Linux platform".
|
Anonymous |
|
Aug 01, 2004 |
Printed |
Page 171
2nd paragraph example |
"chrismail.trustmatta.com" should be "chris mail.trustmatta.com"
|
Anonymous |
|
|
Printed |
Page 172
notes |
It is very easy to get from user/bin to user/root under Unix-based systems
should be:
It is very easy to get from bin privilege to root privilege under Unix-based systems
|
Anonymous |
|
|
Printed |
Page 174
1st paragraph |
X Consortium was closed in 1996. X is currently maintained by X.org foundation.
see http://en.wikipedia.org/wiki/X_Window_System#The_X_Consortium
|
Anonymous |
|
|
Printed |
Page 197
Final paragraph |
"although this may be difficult to exploit under Solaris."
NOW READS:
"although this may be difficult to exploit."
|
Anonymous |
|
Aug 01, 2004 |
Printed |
Page 198
2nd paragraph |
heck the MITRE CVE and ...
Should be
check the MITRE CVE and ...
|
Anonymous |
|
|
Printed |
Page 202
Microsoft SQL Server |
"The service listens on UDP port 1434 and returns the IP address and port number"
should read:
"The service listens on UDP port 1434 and returns the server name and port number"
|
Anonymous |
|
|
Printed |
Page 202
|
http://www.sqlsecurity.com/uploads/sqlping.zip
NOW READS:
http://examples.oreilly.com/9780596006112/tools/sqlping.zip
|
Anonymous |
|
May 01, 2004 |
Printed |
Page 204
|
http://www.sqlsecurity.com/uploads/forcesql.zip
and
http://www.sqlsecurity.com/uploads/sqlbf.zip
NOW READ:
http://examples.oreilly.com/9780596006112/tools/forcesql.zip
and
http://examples.oreilly.com/9780596006112/tools/sqlbf.zip
|
Anonymous |
|
May 01, 2004 |
Printed |
Page 207
fig 8-7 and paragraph above |
VSNUM should be: VSNNUM
(also the index page 370 needs to be corrected too)
|
Anonymous |
|
|
Printed |
Page 210
table 8-5, 3rd entry in the "note" column |
Oracle 8i and 9iVersion 8.1.7 and 9.0.1 and prior) TNS Listener...
should be:
Oracle 8i and 9i(Version 8.1.7 and 9.0.1 and prior) TNS Listener...
|
Anonymous |
|
|
Printed |
Page 213
Penultimate paragraph |
" , which relates to a remote vulnerability in MySQL 3.23.56 ..."
NOW READS:
" , which relates to a post-authentication vulnerability in MySQL 3.23.56
..."
|
Anonymous |
|
Aug 01, 2004 |
Printed |
Page 215
Microsoft Windows Networking Services |
To the list of ports (including loc-srv, netbios-ns, microsoft-ds, etc.),
NOW READS:
loc-srv 135/tcp
...
netbios-ssn 139/tcp
microsoft-ds 445/tcp
microsoft-ds 445/udp
|
Anonymous |
|
Aug 01, 2004 |
Printed |
Page 219
rpcdump and ifids, final line |
"ncacn_http (RPC over HTTP on TCP port 80 or 593)"
NOW READS:
"ncacn_http (RPC over HTTP on TCP port 80, 593, or others)"
{222, 227, and in the index}
"Uriel" NOW READS "Urity"
|
Anonymous |
|
Aug 01, 2004 |
Printed |
Page 223
Gleaning User Details via SAMR and LSARPC Interfaces, first paragraph |
" .. if the SAMR or LSARPC interfaces are accessible."
NOW READS:
" .. if the SAMR RPC interface is accessible."
|
Anonymous |
|
Aug 01, 2004 |
Printed |
Page 232
penultimate paragraph |
"An attack can run SMBRelay or LC4 ..."
NOW READS:
"An attack can run SMBRelay or LC5 ..."
|
Anonymous |
|
Aug 01, 2004 |
Printed |
Page 234
|
http://ntsecurity.nu/toolbox/winfo.exe
NOW READS:
http://ntsecurity.nu/downloads/winfo
|
Anonymous |
|
May 01, 2004 |
Printed |
Page 241
second paragraph, below Example 9-19 |
The four instances of "LC4" HAVE BEEN CHANGED to "LC5".
|
Anonymous |
|
Aug 01, 2004 |
Printed |
Page 252
|
Table 10-1 NOW INCLUDES CVE-2002-0906, as follows:
CVE-2002-0906 28/06/2002 Sendmail 8.12.4 and prior can be compromised if running in a non-default configuration, by an attacker using an authoritative DNS server to provide a malformed TXT record to the mail server upon connecting.
|
Anonymous |
|
Aug 01, 2004 |
Printed |
Page 255
Table 10-3 |
the "ISS XFID ... Notes" table heading should have a dark grey shaded background
|
Anonymous |
|
|
Printed |
Page 268
|
(RDP running on TCP port 259)
NOW READS:
(RDP running on UDP port 259)
|
Anonymous |
|
May 01, 2004 |
Printed |
Page 275
1st paragraph |
Due to the number of different RPC services, associated prognum values, ...
should be:
Due to the number of different RPC services, associated program values, ...
|
Anonymous |
|
|
Printed |
Page 275
|
Table 12-1 is missing a bug in yppasswd, and currently reads:
100009 yppasswd Yes No No No CVE-2001-0779
should read:
100009 yppasswd Yes No Yes No CVE-2001-0779
CVE-2002-0357
|
Anonymous |
|
|
Printed |
Page 275
|
Table 12-1 is missing three bugs in ttdbserverd, and currently reads:
100083 ttdbserverd Yes No Yes Yes CVE-2001-0717
should read:
100083 ttdbserverd Yes No Yes Yes CVE-1999-0003
CVE-2001-0717
CVE-2002-0677
CVE-2002-0679
|
Anonymous |
|
|
Printed |
Page 307
|
The 'xoa' text at the top of Figure 13-16 should be 'x0a'
|
Anonymous |
|
|
Printed |
Page 312
Figure 13-17 |
"Pointer to formal string"
NOW READS:
"Pointer to format string"
|
Anonymous |
|
Aug 01, 2004 |
Printed |
Page 313
Figure 13-18 |
"Pointer to formal string"
NOW READS:
"Pointer to format string"
|
Anonymous |
|
Aug 01, 2004 |
Printed |
Page 327
Example 14-7 |
"25/tcp open smtp"
NOW READS:
"23/tcp open telnet"
|
Anonymous |
|
Aug 01, 2004 |
Printed |
Page 350
|
The rsync service (port 873) is also susceptible to CAN-2003-0962, so
should read "see CVE-2002-0048 and CAN-2003-0962"
|
Anonymous |
|
|
Printed |
Page 351
|
"2401 cvspserver Unix CVS service, vulnerable to a number of attacks"
should read:
"2401 cvspserver Unix CVS service, vulnerable to a number of attacks;
see CVE-2003-0015"
|
Anonymous |
|
|
Printed |
Page 351
|
The rwhois service on TCP port 4321 is also susceptible to CVE-2001-0838, so
should read "see CVE-2001-0838 and CVE-2001-0913"
|
Anonymous |
|
|
Printed |
Page 352
|
The following should be added to Table A-2:
5135 objectserver IRIX ObjectServer service, can be used to add user accounts on IRIX 6.2 and prior; see CVE-2000-0245
|
Anonymous |
|
|