Re: Nmap 4.85BETA7 Released!

[henry.nymann () valeosylvania com]

nmap-dev-bounces () insecure org wrote on 04/01/2009 11:42:51 PM (trimmed):

> I'm pleased to announce the release of Nmap 4.85BETA7.  Hopefully it
> will be the last in this series of daily releases!  But as with the
> last two releases, we wanted to get some Conficker detection
> improvements out to the people.  And as with those other releases, we
> snuck in some other goodies as well :).  You can find the goods here:
>
> http://nmap.org/download.html
>
> And here are the changes:
>
> Nmap 4.85BETA7 [2009-04-1]
>
> o Improvements to the Conficker detection script (smb-check-vulns):
>   o Treat any NetPathCanonicalize()return code of 0x57 as indicative
>     of a vulnerable machine. We (and all the other scanners) used to
>     require the 0x57 return code as well as a canonicalized path
>     string including 0x5c450000.  Tenable confirmed an infected
>     system which returned a 0x00000000 path, so we now treat any
>     return code of 0x57 as indicative of an infection. [Ron]
>   o Add workaround for crash in older versions of OpenSSL which would
>     occur when we received a blank authentication challenge string
>     from the server.  The error looked like: evp_enc.c(282): OpenSSL
>     internal error, assertion failed: inl > 0". [Ron]
>   o Add helpful text for the two most common errors seen in the
>     Conficker check in smb-check-vulns.nse.  So instead of saying
>     things like "Error: NT_STATUS_ACCESS_DENIED", output is like:
>     |  Conficker: Likely CLEAN; access was denied.
>     |  |  If you have a login, try using
--script-args=smbuser=xxx,smbpass=yyy
>     |  |  (replace xxx and yyy with your username and password). Also try
>     |  |_ smbdomain=zzz if you know the domain. (Error
> NT_STATUS_ACCESS_DENIED)
>     The other improved message is for
>     NT_STATUS_OBJECT_NAME_NOT_FOUND. [David]
>
> Enjoy!
> -Fyodor
>
>
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://SecLists.Org

Good morning,

I downloaded and tried the new beta 7 version this morning.  Specifically,
I'm running it on a Windows 2003 SP2 server, and I uninstalled beta 6
first.  However, I am not getting the new messages that this e-mail
references, so does that mean something did not update correctly on my
server?  Doing a "Help | About" confirms the beta 7 version.

Henry Nymann
This e-mail message is intended only for the use of the intended recipient(s).
The information contained therein may be confidential or privileged, and its disclosure or reproduction is strictly 
prohibited.
If you are not the intended recipient, please return it immediately to its sender at the above address and destroy it. 


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org