Nmap Development mailing list archives
Re: Conficker scanning with nmap
From: Ron <ron () skullsecurity net>
Date: Thu, 02 Apr 2009 07:32:45 -0500
Lionel Cons wrote:
> David Fifield <david () bamsoftware com> writes:
> > I think we should just avoid calling EVP_EncryptUpdate when data_len == 0.
>
> I fully support this. Nmap (including the OpenSSL LUA library) should not crash so easily. The comment associated with the OpenSSL patch is very relevant:
>
> Check-in [17371]: Don't use assertions to check application-provided arguments; and don't unnecessarily fail on input size 0.
>
> Cheers, Lionel
I added a workaround for Beta7 -- if the server signature is 0 bytes long (which breaks protocol anyways -- signature should always be 8), it'll intentionally fail the login. After the failed login, it falls back to using the anonymous account (anonymous doesn't require any encryption).

I tried checking for the error condition by wrapping openssl.encrypt() inside a pcall(), but because they're using assertions it still aborts the program.

Ron

--
Ron Bowes
http://www.skullsecurity.org/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
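The two fixes discussed in this thread, shown together as an added example that is not code from the post, from Nmap or from OpenSSL: the library side stops asserting on a zero-length input and returns an error code instead (the Check-in [17371] principle), and the caller side refuses a server signature that is not exactly 8 bytes before it ever reaches the encryption routine, so the script fails the login and falls back to anonymous rather than crashing. The function names, the return codes, the sample key and signature bytes are all constructed for this example; the XOR transform only stands in for a real cipher so the block runs without libcrypto.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SIG_LEN 8          /* protocol signature length the post refers to */

/* Return codes: errors come back to the caller instead of aborting. */
#define ENC_OK      0
#define ENC_EINVAL (-1)

/*
 * Stand-in for an EVP_EncryptUpdate-style routine (constructed, not OpenSSL).
 * The old library asserted on a zero-length input, which kills the whole
 * process and cannot be caught by the caller (Lua's pcall included).
 * This version follows the fix described in the thread: validate the
 * application-supplied arguments and return an error code instead.
 * The XOR transform is a placeholder so the block runs without libcrypto;
 * it is not a cipher.
 */
int enc_update(const uint8_t *key, size_t key_len,
               const uint8_t *in, size_t in_len, uint8_t *out)
{
    if (key == NULL || in == NULL || out == NULL)
        return ENC_EINVAL;
    if (key_len == 0 || in_len == 0)      /* size 0 is an error, not an assert */
        return ENC_EINVAL;
    for (size_t i = 0; i < in_len; i++)
        out[i] = in[i] ^ key[i % key_len];
    return ENC_OK;
}

typedef enum { LOGIN_ANONYMOUS = 0, LOGIN_ENCRYPTED = 1 } login_mode;

/*
 * Caller-side guard mirroring the Beta7 workaround: the server signature
 * must be exactly SIG_LEN bytes. Anything else (in particular 0 bytes)
 * fails the authenticated login up front so the script falls back to the
 * anonymous account, which needs no encryption. The crypto routine is only
 * reached with input it is known to accept.
 */
login_mode choose_login(const uint8_t *sig, size_t sig_len,
                        const uint8_t *key, size_t key_len,
                        uint8_t response[SIG_LEN])
{
    if (sig == NULL || sig_len != SIG_LEN)
        return LOGIN_ANONYMOUS;
    if (enc_update(key, key_len, sig, sig_len, response) != ENC_OK)
        return LOGIN_ANONYMOUS;
    return LOGIN_ENCRYPTED;
}

int main(void)
{
    /* Constructed sample values, not captured from a real server. */
    const uint8_t key[4] = { 0xde, 0xad, 0xbe, 0xef };
    const uint8_t good_sig[SIG_LEN] = { 1, 2, 3, 4, 5, 6, 7, 8 };
    uint8_t response[SIG_LEN];

    printf("empty signature  -> %s\n",
           choose_login(good_sig, 0, key, sizeof key, response) == LOGIN_ANONYMOUS
               ? "anonymous" : "encrypted");
    printf("8-byte signature -> %s\n",
           choose_login(good_sig, SIG_LEN, key, sizeof key, response) == LOGIN_ENCRYPTED
               ? "encrypted" : "anonymous");
    return 0;
}
```

The caller-side check is the part a script author controls: it is the only defence when the library underneath aborts instead of raising, because no pcall() or try/catch wrapper survives an assert() in a C dependency.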