Re: nmap ends prematurely with a segfault

["DePriest, Jason R." <jrdepriest () gmail com>]

I just ran the same scan with RC2 and it completed without errors.

The program listening is part of IBM Director.  The executable is
wmicimserver.exe.

-Jason

On Nov 23, 2007 10:28 AM, Diman Todorov <diman.todorov () univie ac at> wrote:
> On Oct 18, 2007, at 10:15 PM, DePriest, Jason R. wrote:
>
> > I run nmap like this:
> > sudo nmap -v -sSUV -O -pT:-,U:[1-65535] --traceroute --reason
> > --script=discovery,safe,backdoor,vulnerability,malware --script-trace
> > -d6 xxx.yyy.zzz.190,153,193,89
> >
> > and after some time, it eventually ends with a segfault.
> >
> > Seriously, it ends with a simple "Segmentation fault" and nothing else
> > to help explain from where the segfault came.
> >
> > The last bit looks like this:
> > NSOCK (1524.9210s) Callback: READ SUCCESS for EID 770
> > [xxx.yyy.zzz.153:5988] (69 bytes): HTTP/1.1 401
> > Unauthorized..WWW-Authenticate: Basic realm="ANLYX2"....
> > SCRIPT ENGINE: TCP xxx.yyy.zzz.50:34039 < xxx.yyy.zzz.153:5988 |
> > HTTP/1.1 401 Unauthorized
> > WWW-Authenticate: Basic realm="ANLYX2"
> >
> >
> > NSOCK (1524.9210s) msevent_delete (IOD #28) (EID #770)
> > NSOCK (1524.9210s) wait_for_events
> > NSOCK (1524.9210s) PCAP read_on_nonselect
> > NSOCK (1524.9210s) PCAP END read_on_nonselect
> > SCRIPT ENGINE: TCP xxx.yyy.zzz.50:34039 > xxx.yyy.zzz.153:5988 | CLOSE
> > Segmentation fault
> >
> > I am attaching a file with all the output starting from when SCRIPT
> > ENGINE first showed up.  I hope anyway.  I could only scroll back 5000
> > lines.  If you need more, I can run it again (it is reproducible) and
> > tee the output or something.
>
> Hi,
>
> if you can still reproduce this problem with the most recent svn nmap
> version I'd like to ask you a few things:
>
> 1) does this happen if you only scan the .153 host? Can you give some
> more information about that host? Like, is there some service running
> on 5988? And if there is, what service is it?
>
> 2) would you mind sending that attachment of yours packed with some
> more common archiving tool?
>
> cheers,
> Diman
>
>
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://SecLists.Org



-- 
NOTICE:  This email is being sent in clear-text across the public
Internet.  Therefore, any attempts to include unenforceable legalese
restrictions are ridiculous and pointless.  If you can read this,
consider yourself authorized (whether I like it or not).

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org