Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: giop-info - probe is decodes as malformed packet in Wireshark?

From: Patrik Karlsson <patrik () cqure net>
Date: Fri, 2 Mar 2012 17:52:35 +0100
On Wed, Feb 29, 2012 at 9:38 PM, Marcus Haebler <haebler () gmail com> wrote:


All,

It is seems that giop-info or more likely the underlying giop library is
creating a malformed packet - according to Wireshark. I see this with nmap
5.51 on Linux x86_64.

Before I spend time trying to hunt this down, has anyone else seen this
problem (and solved it)?

More as an FYI the GIOP service responds to the malformed message
(rightfully, if the probe is malformed) with a GIOP error message which
does not seem to go well with the giop library - it throws an exception.


Thanks,

Marcus
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/



Hi Marcus,

I just quickly looked into this and I'm pretty sure it's a padding problem
misaligning the message.
I was able to quickly patch the get request to confirm this, but then had a
problem with the following _is_a request.
If you want to look into this please do and let me know how things go,
otherwise I'll add it to the todo list.

Cheers,
Patrik
-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: