Nmap Development mailing list archives
Re: dev Digest, Vol 98, Issue 26
From: Brandon Oliver <bdoliver6 () gmail com>
Date: Sat, 18 May 2013 19:59:57 -0700
# Nmap 6.25 scan initiated Sun May 19 02:40:24 2013 as: C:\Program Files (x86)\Nmap\nmap.exe -p80 -Pn -O -o
Nmap scan report for
Host is up (0.018s latency).
PORT STATE SERVICE
80/tcp open http
MAC Address:
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: printer
Running: HP embedded, HP VxWorks
OS CPE: cpe:/h:hp:laserjet_cp2025dn cpe:/h:hp:laserjet_p2045n cpe:/o:hp:vxworks
OS details: HP LaserJet CP2025dn or P2035n printer, VxWorks: HP printer
Network Distance: 1 hop
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
# Nmap done at Sun May 19 02:40:31 2013 -- 1 IP address (1 host up) scanned in 7.46 seconds

I have no issues this time

On Sat, May 18, 2013 at 3:14 PM, Brandon Oliver <bdoliver6 () gmail com> wrote:
So I bought some server components for fun, oh ya, anything I could provide this piece of hardware for (setup from my home). I have a DNS setup but was wanting to host something, if you have any needs or wants let me know!

An idea for scanning vehicle ECMs / .hex file injection. Theorycrafting so bear with me you brains, the goal is to be able to locate and inject a .hex file through a wireless gateway (bluetooth too slow?).

1. Protocols: j1850 PWM, j1850vPW, iso9141 / 14230, iso15765 (CAN)**

Most vehicles after 2008 and some even beforehand are required to incorporate the CAN protocol into their ECM systems. The SAE has incorporated the CAN protocol in almost all new industrial equipment (i.e.) Frac pumps, Drills, Wireline, Drillmec Deepsea Automated Drilling, etc.

Most vehicles accept an OBDII scan which incorporate multiple vehicle protocols, this connection only lists vehicle diagnostics. To inject a .hex file you need a specialized controller/transceiver which are:

NXP SJA1000 CAN Controller, 16mhz
NXP PCA82C251 CAN Transceiver

Typically this is sent over a 9pinDSUB --->USB etc., the signal is simple to read with only can l, can hi, ground and 2 optional +5 volts, (magnets fuck this signal over :P)

CAN is important because a conversion from serial to-so is a fairly simple crossover and enables the broadcast of all channels on the network, one after the other. In theory if you pick up 1 CAN signal in an industrial environment then you are reading all nodes attached. It's very cool if you are sick of serial channel setup amongst multiple equipment pieces and 1 damn data van.

The trick! The CAN network can be accessed pretty easily through insecure access points in most data vans. Yes, these million dollar vans have a satellite with a super sweet server/printer combo that has been utilized before. By YOU GUYS actually...anyways back to my point.
Well you might say this crazy guy hasn't provided us with a way to locate these damn ultramachines, well I believe that if you can locate the GO TO MEETING connection that goes out on every job (ports 8200, 443, 80) -ssl- then you will be able to locate the source of various types of industrial jobs. The broadcast satellite in the field supplied by inetvu will be the one acquiring the connection. From there, I would suggest the route of the print/server as this is what happened to me. GO TO MEETING whitepaper states that their connection is multilayered security, looks great, except for the initial connection to the server.

Make any sense?

ALSO: Problems w/ NMAP

How do I exactly enable c4005 to find the FORBIDDEN MACRO you put in ??

/* xkeycheck.h internal header */
#pragma once
#ifndef _XKEYCHECK_H
#define _XKEYCHECK_H
#ifndef RC_INVOKED

 #ifndef _ALLOW_KEYWORD_MACROS

  #if !defined(__cplusplus)

 #if defined(auto) /* check C keywords */ \
  || defined(break) \
  || defined(case) \
  || defined(char) \
  || defined(const) \
  || defined(continue) \
  || defined(default) \
  || defined(do) \
  || defined(double) \
  || defined(else) \
  || defined(enum) \
  || defined(extern) \
  || defined(float) \
  || defined(for) \
  || defined(goto) \
  || defined(if) \
  || defined(inline) \
  || defined(int) \
  || defined(long) \
  || defined(register) \
  || defined(restrict) \
  || defined(return) \
  || defined(short) \
  || defined(signed) \
  || defined(sizeof) \
  || defined(static) \
  || defined(struct) \
  || defined(switch) \
  || defined(typedef) \
  || defined(union) \
  || defined(unsigned) \
  || defined(void) \
  || defined(volatile) \
  || defined(while) \
  || defined(_Bool) \
  || defined(_Complex) \
  || defined(_Imaginary)

 #define auto EMIT WARNING C4005
 #define break EMIT WARNING C4005
 #define case EMIT WARNING C4005
 #define char EMIT WARNING C4005
 #define const EMIT WARNING C4005
 #define continue EMIT WARNING C4005
 #define default EMIT WARNING C4005
 #define do EMIT WARNING C4005
 #define double EMIT WARNING C4005
 #define else EMIT WARNING C4005
 #define enum EMIT WARNING C4005
 #define extern EMIT WARNING C4005
 #define float EMIT WARNING C4005
 #define for EMIT WARNING C4005
 #define goto EMIT WARNING C4005
 #define if EMIT WARNING C4005
 #define inline EMIT WARNING C4005
 #define int EMIT WARNING C4005
 #define long EMIT WARNING C4005
 #define register EMIT WARNING C4005
 #define restrict EMIT WARNING C4005
 #define return EMIT WARNING C4005
 #define short EMIT WARNING C4005
 #define signed EMIT WARNING C4005
 #define sizeof EMIT WARNING C4005
 #define static EMIT WARNING C4005
 #define struct EMIT WARNING C4005
 #define switch EMIT WARNING C4005
 #define typedef EMIT WARNING C4005
 #define union EMIT WARNING C4005
 #define unsigned EMIT WARNING C4005
 #define void EMIT WARNING C4005
 #define volatile EMIT WARNING C4005
 #define while EMIT WARNING C4005
 #define _Bool EMIT WARNING C4005
 #define _Complex EMIT WARNING C4005
 #define _Imaginary EMIT WARNING C4005

 #error The C Standard Library forbids macroizing keywords. Enable warning C4005 to find the forbidden macro.
 #endif /* defined... */

  #else /* __cplusplus is defined */

 #if defined(alignas) /* check C++ keywords */ \
  || defined(alignof) \
  || defined(asm) \
  || defined(auto) \
  || defined(bool) \
  || defined(break) \
  || defined(case) \
  || defined(catch) \
  || defined(char) \
  || defined(char16_t) \
  || defined(char32_t) \
  || defined(class) \
  || defined(const) \
  || defined(const_cast) \
  || defined(constexpr) \
  || defined(continue) \
  || defined(decltype) \
  || defined(default) \
  || defined(delete) \
  || defined(do) \
  || defined(double) \
  || defined(dynamic_cast) \
  || defined(else) \
  || defined(enum) \
  || defined(explicit) \
  || defined(export) \
  || defined(extern) \
  || defined(false) \
  || defined(float) \
  || defined(for) \
  || defined(friend) \
  || defined(goto) \
  || defined(if) \
  || defined(inline) \
  || defined(int) \
  || defined(long) \
  || defined(mutable) \
  || defined(namespace) \
  || defined(new) && defined(_ENFORCE_BAN_OF_MACRO_NEW) \
  || defined(noexcept) \
  || defined(nullptr) \
  || defined(operator) \
  || defined(private) \
  || defined(protected) \
  || defined(public) \
  || defined(register) \
  || defined(reinterpret_cast) \
  || defined(return) \
  || defined(short) \
  || defined(signed) \
  || defined(sizeof) \
  || defined(static) \
  || defined(static_assert) \
  || defined(static_cast) \
  || defined(struct) \
  || defined(switch) \
  || defined(template) \
  || defined(this) \
  || defined(thread_local) \
  || defined(throw) \
  || defined(true) \
  || defined(try) \
  || defined(typedef) \
  || defined(typeid) \
  || defined(typename) \
  || defined(union) \
  || defined(unsigned) \
  || defined(using) \
  || defined(virtual) \
  || defined(void) \
  || defined(volatile) \
  || defined(wchar_t) \
  || defined(while)

 #define alignas EMIT WARNING C4005
 #define alignof EMIT WARNING C4005
 #define asm EMIT WARNING C4005
 #define auto EMIT WARNING C4005
 #define bool EMIT WARNING C4005
 #define break EMIT WARNING C4005
 #define case EMIT WARNING C4005
 #define catch EMIT WARNING C4005
 #define char EMIT WARNING C4005
 #define char16_t EMIT WARNING C4005
 #define char32_t EMIT WARNING C4005
 #define class EMIT WARNING C4005
 #define const EMIT WARNING C4005
 #define const_cast EMIT WARNING C4005
 #define constexpr EMIT WARNING C4005
 #define continue EMIT WARNING C4005
 #define decltype EMIT WARNING C4005
 #define default EMIT WARNING C4005
 #define delete EMIT WARNING C4005
 #define do EMIT WARNING C4005
 #define double EMIT WARNING C4005
 #define dynamic_cast EMIT WARNING C4005
 #define else EMIT WARNING C4005
 #define enum EMIT WARNING C4005
 #define explicit EMIT WARNING C4005
 #define export EMIT WARNING C4005
 #define extern EMIT WARNING C4005
 #define false EMIT WARNING C4005
 #define float EMIT WARNING C4005
 #define for EMIT WARNING C4005
 #define friend EMIT WARNING C4005
 #define goto EMIT WARNING C4005
 #define if EMIT WARNING C4005
 #define inline EMIT WARNING C4005
 #define int EMIT WARNING C4005
 #define long EMIT WARNING C4005
 #define mutable EMIT WARNING C4005
 #define namespace EMIT WARNING C4005

 #ifdef _ENFORCE_BAN_OF_MACRO_NEW
 #define new EMIT WARNING C4005
 #endif /* _ENFORCE_BAN_OF_MACRO_NEW */

 #define noexcept EMIT WARNING C4005
 #define nullptr EMIT WARNING C4005
 #define operator EMIT WARNING C4005
 #define private EMIT WARNING C4005
 #define protected EMIT WARNING C4005
 #define public EMIT WARNING C4005
 #define register EMIT WARNING C4005
 #define reinterpret_cast EMIT WARNING C4005
 #define return EMIT WARNING C4005
 #define short EMIT WARNING C4005
 #define signed EMIT WARNING C4005
 #define sizeof EMIT WARNING C4005
 #define static EMIT WARNING C4005
 #define static_assert EMIT WARNING C4005
 #define static_cast EMIT WARNING C4005
 #define struct EMIT WARNING C4005
 #define switch EMIT WARNING C4005
 #define template EMIT WARNING C4005
 #define this EMIT WARNING C4005
 #define thread_local EMIT WARNING C4005
 #define throw EMIT WARNING C4005
 #define true EMIT WARNING C4005
 #define try EMIT WARNING C4005
 #define typedef EMIT WARNING C4005
 #define typeid EMIT WARNING C4005
 #define typename EMIT WARNING C4005
 #define union EMIT WARNING C4005
 #define unsigned EMIT WARNING C4005
 #define using EMIT WARNING C4005
 #define virtual EMIT WARNING C4005
 #define void EMIT WARNING C4005
 #define volatile EMIT WARNING C4005
 #define wchar_t EMIT WARNING C4005
 #define while EMIT WARNING C4005

 #error The C++ Standard Library forbids macroizing keywords. Enable warning C4005 to find the forbidden macro.
 #endif /* defined... */

  #endif /* defined(__cplusplus) */

 #endif /* _ALLOW_KEYWORD_MACROS */

#endif /* RC_INVOKED */
#endif /* _XKEYCHECK_H */

Would you just not recommend Visual Studio? I have checked out everything through svn but I am coming up with around 260 errors, most were system errors that occurred after I changed the output to x64 instead of x32.

Here's an example of the output

Warning 4 warning C4005: 'inline' : macro redefinition D:\Visual Studio\VC\include\xkeycheck.h 199 1 nping
Warning 7 warning C4005: 'inline' : macro redefinition D:\Visual Studio\VC\include\xkeycheck.h 199 1 nping
Warning 9 warning C4005: 'inline' : macro redefinition D:\Visual Studio\VC\include\xkeycheck.h 199 1 nping
Warning 11 warning C4005: 'inline' : macro redefinition D:\Visual Studio\VC\include\xkeycheck.h 199 1 nping
Warning 13 warning C4005: 'inline' : macro redefinition D:\Visual Studio\VC\include\xkeycheck.h 199 1 nping
Warning 15 warning C4005: 'inline' : macro redefinition D:\Visual Studio\VC\include\xkeycheck.h 199 1 nping
Warning 17 warning C4005: 'inline' : macro redefinition D:\Visual Studio\VC\include\xkeycheck.h 199 1 nping
Warning 19 warning C4005: 'inline' : macro redefinition D:\Visual Studio\VC\include\xkeycheck.h 199 1 nping
Warning 21 warning C4005: 'inline' : macro redefinition D:\Visual Studio\VC\include\xkeycheck.h 199 1 nping
Warning 23 warning C4005: 'inline' : macro redefinition D:\Visual Studio\VC\include\xkeycheck.h 199 1 nping
Warning 25 warning C4005: 'inline' : macro redefinition D:\Visual Studio\VC\include\xkeycheck.h 199 1 nping
Warning 27 warning C4005: 'inline' : macro redefinition D:\Visual Studio\VC\include\xkeycheck.h 199 1 nping
Warning 29 warning C4005: 'inline' : macro redefinition D:\Visual Studio\VC\include\xkeycheck.h 199 1 nping
Warning 31 warning C4005: 'inline' : macro redefinition D:\Visual Studio\VC\include\xkeycheck.h 199 1 nping
Error 1 error LNK2026: module unsafe for SAFESEH image. C:\nmap\nmap\nmap-update\zlib.lib(inffas32.obj) nmap-update
Error 2 error LNK2026: module unsafe for SAFESEH image. C:\nmap\nmap\nmap-update\zlib.lib(match686.obj) nmap-update
Error 6 error LNK1281: Unable to generate SAFESEH image. C:\nmap\nmap\nmap-update\Release\nmap-update.exe nmap-update
Error 3 error LNK1112: module machine type 'x64' conflicts with target machine type 'X86' C:\nmap\nmap\ncat\Release\base64.obj 1 1 ncat
Error 5 error C1189: #error : The C++ Standard Library forbids macroizing keywords. Enable warning C4005 to find the forbidden macro. D:\Visual Studio\VC\include\xkeycheck.h 242 1 nping
Error 8 error C1189: #error : The C++ Standard Library forbids macroizing keywords. Enable warning C4005 to find the forbidden macro. D:\Visual Studio\VC\include\xkeycheck.h 242 1 nping
Error 10 error C1189: #error : The C++ Standard Library forbids macroizing keywords. Enable warning C4005 to find the forbidden macro. D:\Visual Studio\VC\include\xkeycheck.h 242 1 nping
Error 12 error C1189: #error : The C++ Standard Library forbids macroizing keywords. Enable warning C4005 to find the forbidden macro. D:\Visual Studio\VC\include\xkeycheck.h 242 1 nping
Error 14 error C1189: #error : The C++ Standard Library forbids macroizing keywords. Enable warning C4005 to find the forbidden macro. D:\Visual Studio\VC\include\xkeycheck.h 242 1 nping
Error 16 error C1189: #error : The C++ Standard Library forbids macroizing keywords. Enable warning C4005 to find the forbidden macro. D:\Visual Studio\VC\include\xkeycheck.h 242 1 nping
Error 18 error C1189: #error : The C++ Standard Library forbids macroizing keywords. Enable warning C4005 to find the forbidden macro. D:\Visual Studio\VC\include\xkeycheck.h 242 1 nping
Error 20 error C1189: #error : The C++ Standard Library forbids macroizing keywords. Enable warning C4005 to find the forbidden macro. D:\Visual Studio\VC\include\xkeycheck.h 242 1 nping
Error 22 error C1189: #error : The C++ Standard Library forbids macroizing keywords. Enable warning C4005 to find the forbidden macro. D:\Visual Studio\VC\include\xkeycheck.h 242 1 nping
Error 24 error C1189: #error : The C++ Standard Library forbids macroizing keywords. Enable warning C4005 to find the forbidden macro. D:\Visual Studio\VC\include\xkeycheck.h 242 1 nping
Error 26 error C1189: #error : The C++ Standard Library forbids macroizing keywords. Enable warning C4005 to find the forbidden macro. D:\Visual Studio\VC\include\xkeycheck.h 242 1 nping
Error 28 error C1189: #error : The C++ Standard Library forbids macroizing keywords. Enable warning C4005 to find the forbidden macro. D:\Visual Studio\VC\include\xkeycheck.h 242 1 nping
Error 30 error C1189: #error : The C++ Standard Library forbids macroizing keywords. Enable warning C4005 to find the forbidden macro. D:\Visual Studio\VC\include\xkeycheck.h 242 1 nping
Error 32 error C1189: #error : The C++ Standard Library forbids macroizing keywords. Enable warning C4005 to find the forbidden macro. D:\Visual Studio\VC\include\xkeycheck.h 242 1 nping

On Sat, May 18, 2013 at 6:09 AM, <dev-request () nmap org> wrote:

Send dev mailing list submissions to
        dev () nmap org

To subscribe or unsubscribe via the World Wide Web, visit
        http://nmap.org/mailman/listinfo/dev
or, via email, send a message with subject or body 'help' to
        dev-request () nmap org

You can reach the person managing the list at
        dev-owner () nmap org

When replying, please edit your Subject line so it is more specific than "Re: Contents of dev digest..."

Today's Topics:

   1. Re: NMAP Error (David Fifield)
   2. Re: can not compile recent svn nmap on windows vc 2010 (David Fifield)
   3. Re: nping command line parsing: set source IP address (Luis MartinGarcia.)
   4. New VA Modules: OpenVAS: 5, Nessus: 18 (New VA Module Alert Service)
   5. Terra: A low-level counterpart to Lua (John Bond)
   6. Re: Nsock test suite (Henri Doreau)

----------------------------------------------------------------------

Message: 1
Date: Fri, 17 May 2013 16:16:07 -0700
From: David Fifield <david () bamsoftware com>
To: Yen-Sung Mao <ymao () greenliant com>
Cc: dev () nmap org
Subject: Re: NMAP Error
Message-ID: <20130517231607.GW18872 () ignominy bamsoftware com>
Content-Type: text/plain; charset=us-ascii

On Fri, May 10, 2013 at 11:38:27AM -0700, Yen-Sung Mao wrote:
On Thu, May 09, 2013 at 05:48:42PM -0700, Yen-Sung Mao wrote:

Hello,

I'm constantly experiencing NMAP Runtime crash error when I try to scan a subnet from a Windows system. I have tried on different machines with different Windows OS, but the problem always happens. I have attached the error below. I'm running the latest version 6.25. Any help would be appreciated.

Thanks,
Yen

Can you show us the command line that you were using? You can omit the targets.

I selected the Intense Scan from the dropdown menu. Something like this:

nmap -T4 -A -v 10.220.7.0-254

I only found this reference to a similar previous problem:
http://seclists.org/nmap-dev/2012/q2/568

I have two tests I would like you to run.

1. Try running the same command from the command prompt (not Zenmap) and see if the same scan crashes.
2. Try running the command from another (non-Windows) computer, and save the output as XML.
   nmap -T4 -A -v 10.220.7.0-254 -oX scan.xml
   Then try opening scan.xml in Zenmap on Windows and see if it crashes.

David Fifield

------------------------------

Message: 2
Date: Fri, 17 May 2013 16:18:34 -0700
From: David Fifield <david () bamsoftware com>
To: Henri Doreau <henri.doreau () gmail com>
Cc: Nmap dev <dev () nmap org>, Gisle Vanem <gvanem () broadpark no>
Subject: Re: can not compile recent svn nmap on windows vc 2010
Message-ID: <20130517231834.GX18872 () ignominy bamsoftware com>
Content-Type: text/plain; charset=utf-8

On Fri, May 17, 2013 at 11:46:29PM +0200, Henri Doreau wrote:

NSOCK ERROR [157.9530s] mksock_set_broadcast(): Setting of SO_BROADCAST failed (IOD #52): Et ukjent ugyldig eller ikke st?ttet alternativ eller niv? ble angitt i et getsockopt- eller setsockopt-kall(10042)

Using Win-XP SP3, MSVC 2010.

So this looks like attempts to apply SO_BROADCAST on SOCK_STREAM sockets. We could simply not do it. David, is there any peculiar reason why there's no check to restrict it to datagram sockets?

I don't know. Why wasn't this a problem before? What do "git blame" and "git log -SSO_BROADCAST -p" say about the history? Your solution sounds fine.

David Fifield

------------------------------

Message: 3
Date: Sat, 18 May 2013 09:58:16 +0200
From: "Luis MartinGarcia." <luis.mgarc () gmail com>
To: Perry Hooker <phooker () terraechos com>
Cc: David Fifield <david () bamsoftware com>, "dev () nmap org" <dev () nmap org>
Subject: Re: nping command line parsing: set source IP address
Message-ID: <51973498.90408 () gmail com>
Content-Type: text/plain; charset=ISO-8859-1

I have tested this in a Linux Mint box and I can't reproduce it either.

Regards,

Luis MartinGarcia.

On 05/17/2013 09:37 PM, Perry Hooker wrote:

I compiled nmap/nping on a fresh install of CentOS 6.2, and the command worked as expected. This seems to uphold your suspicions about something in the local configuration.

My first thought: something to do with the getopt family of commands.

Thank you for the advice thus far.

-----Original Message-----
From: David Fifield [mailto:david () bamsoftware com]
Sent: Friday, May 17, 2013 11:48 AM
To: Perry Hooker
Cc: dev () nmap org
Subject: Re: nping command line parsing: set source IP address

On Fri, May 17, 2013 at 04:36:48PM +0000, Perry Hooker wrote:

Yes, I built Nping from source. "make distclean" followed by rebuild had no effect. FWIW, this behavior also manifests on our servers running RHEL Server release 6.2 Beta (Santiago).

Please let me know what details I can provide to help reproduce this behavior.

It might help if you can find another machine that does not exhibit the behavior, and see what's different about it. I still suspect something in the local configuration. This is the output I see with 0.6.25 on Debian 7:

$ ./nping -c 1 -S 192.168.1.1 127.0.0.1

Starting Nping 0.6.25 ( http://nmap.org/nping ) at 2013-05-17 10:46 PDT
SENT (0.0017s) Starting TCP Handshake > 127.0.0.1:80
RECV (0.0018s) Possible TCP RST received from 127.0.0.1:80 --> Connection refused

Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
TCP connection attempts: 1 | Successful connections: 0 | Failed: 1 (100.00%)
Tx time: 0.00121s | Tx bytes/s: 66115.70 | Tx pkts/s: 826.45
Rx time: 0.00131s | Rx bytes/s: 0.00 | Rx pkts/s: 0.00
Nping done: 1 IP address pinged in 0.00 seconds

$ ./nping -c 1 -S random 127.0.0.1

Starting Nping 0.6.25 ( http://nmap.org/nping ) at 2013-05-17 10:46 PDT
SENT (0.0016s) Starting TCP Handshake > 127.0.0.1:80
RECV (0.0017s) Possible TCP RST received from 127.0.0.1:80 --> Connection refused

Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
TCP connection attempts: 1 | Successful connections: 0 | Failed: 1 (100.00%)
Tx time: 0.00123s | Tx bytes/s: 64935.06 | Tx pkts/s: 811.69
Rx time: 0.00128s | Rx bytes/s: 0.00 | Rx pkts/s: 0.00
Nping done: 1 IP address pinged in 0.00 seconds

$ sudo ./nping -c 1 -S 192.168.1.1 127.0.0.1

Starting Nping 0.6.25 ( http://nmap.org/nping ) at 2013-05-17 10:46 PDT
SENT (0.0602s) ICMP 192.168.1.1 > 127.0.0.1 Echo request (type=8/code=0) ttl=64 id=11543 iplen=28
nping_event_handler(): READ-PCAP killed: Resource temporarily unavailable

Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
Raw packets sent: 1 (28B) | Rcvd: 0 (0B) | Lost: 1 (100.00%)
Tx time: 0.00122s | Tx bytes/s: 23007.40 | Tx pkts/s: 821.69
Rx time: 1.00120s | Rx bytes/s: 0.00 | Rx pkts/s: 0.00
Nping done: 1 IP address pinged in 1.06 seconds

$ sudo ./nping -c 1 -S random 127.0.0.1

Starting Nping 0.6.25 ( http://nmap.org/nping ) at 2013-05-17 10:46 PDT
SENT (0.0586s) ICMP 88.131.55.162 > 127.0.0.1 Echo request (type=8/code=0) ttl=64 id=54569 iplen=28
nping_event_handler(): READ-PCAP killed: Resource temporarily unavailable

Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
Raw packets sent: 1 (28B) | Rcvd: 0 (0B) | Lost: 1 (100.00%)
Tx time: 0.00127s | Tx bytes/s: 22134.39 | Tx pkts/s: 790.51
Rx time: 1.00075s | Rx bytes/s: 0.00 | Rx pkts/s: 0.00
Nping done: 1 IP address pinged in 1.06 seconds

David Fifield
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

------------------------------

Message: 4
Date: Sat, 18 May 2013 10:00:39 +0000 (UTC)
From: New VA Module Alert Service <postmaster () insecure org>
To: dev () nmap org
Subject: New VA Modules: OpenVAS: 5, Nessus: 18
Message-ID: <20130518100039.274417342 () hb insecure org>
Content-Type: text/plain; charset="utf-8"

This report describes any new scripts/modules/exploits added to Nmap, OpenVAS, Metasploit, and Nessus since yesterday.
== OpenVAS plugins (5) ==

r16374 2013/gb_wordpress_wp_filemanager_file_dwnld_vuln.nasl
http://wald.intevation.org/scm/viewvc.php/trunk/openvas-plugins/scripts/2013/gb_wordpress_wp_filemanager_file_dwnld_vuln.nasl?root=openvas&view=markup
WordPress wp-FileManager Plugin File Download Vulnerability

r16374 2013/gb_wordpress_newsletter_xss_vuln.nasl
http://wald.intevation.org/scm/viewvc.php/trunk/openvas-plugins/scripts/2013/gb_wordpress_newsletter_xss_vuln.nasl?root=openvas&view=markup
WordPress NewsLetter Plugin Cross Site Scripting Vulnerability

r16374 803491 2013/gb_cogent_datahub_multiple_vuln.nasl
http://wald.intevation.org/scm/viewvc.php/trunk/openvas-plugins/scripts/2013/gb_cogent_datahub_multiple_vuln.nasl?root=openvas&view=markup
Cogent DataHub Multiple Vulnerabilities

r16375 2013/gb_joomla_54932.nasl
http://wald.intevation.org/scm/viewvc.php/trunk/openvas-plugins/scripts/2013/gb_joomla_54932.nasl?root=openvas&view=markup
Joomla S5 Clan Roster com_s5clanroster 'id' Parameter SQL Injection Vulnerability

r16375 2013/gb_op5_monitor_59880.nasl
http://wald.intevation.org/scm/viewvc.php/trunk/openvas-plugins/scripts/2013/gb_op5_monitor_59880.nasl?root=openvas&view=markup
op5 Monitor Multiple Information Disclosure and Security Bypass Vulnerabilities

== Nessus plugins (18) ==

66500 macosx_itunes_11_0_3.nasl
http://nessus.org/plugins/index.php?view=single&id=66500
iTunes < 11.0.3 Certificate Validation Vulnerability (Mac OS X)

66499 itunes_11_0_3_banner.nasl
http://nessus.org/plugins/index.php?view=single&id=66499
iTunes < 11.0.3 Multiple Vulnerabilities (uncredentialed check)

66498 itunes_11_0_3.nasl
http://nessus.org/plugins/index.php?view=single&id=66498
iTunes < 11.0.3 Multiple Vulnerabilities (credentialed check)

66497 mutiny_5_0_1_11.nasl
http://nessus.org/plugins/index.php?view=single&id=66497
Mutiny < 5.0-1.11 Multiple Directory Traversals

66496 ubuntu_USN-1831-1.nasl
http://nessus.org/plugins/index.php?view=single&id=66496
Ubuntu 12.04 LTS / 12.10 / 13.04 : nova vulnerability (USN-1831-1)

66495 ubuntu_USN-1830-1.nasl
http://nessus.org/plugins/index.php?view=single&id=66495
Ubuntu 12.04 LTS / 12.10 / 13.04 : keystone vulnerability (USN-1830-1)

66494 ubuntu_USN-1829-1.nasl
http://nessus.org/plugins/index.php?view=single&id=66494
Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1829-1)

66493 suse_flash-player-8570.nasl
http://nessus.org/plugins/index.php?view=single&id=66493
SuSE 10 Security Update : flash-player (ZYPP Patch Number 8570)

66492 suse_11_flash-player-130515.nasl
http://nessus.org/plugins/index.php?view=single&id=66492
SuSE 11.2 Security Update : flash-player (SAT Patch Number 7720)

66491 sl_20130516_libvirt_on_SL6_x.nasl
http://nessus.org/plugins/index.php?view=single&id=66491
Scientific Linux Security Update : libvirt on SL6.x i386/x86_64

66490 sl_20130516_kernel_on_SL6_x.nasl
http://nessus.org/plugins/index.php?view=single&id=66490
Scientific Linux Security Update : kernel on SL6.x i386/x86_64

66489 redhat-RHSA-2013-0831.nasl
http://nessus.org/plugins/index.php?view=single&id=66489
RHEL 6 : libvirt (RHSA-2013-0831)

66488 redhat-RHSA-2013-0830.nasl
http://nessus.org/plugins/index.php?view=single&id=66488
RHEL 6 : kernel (RHSA-2013-0830)

66487 fedora_2013-8298.nasl
http://nessus.org/plugins/index.php?view=single&id=66487
Fedora 18 : thunderbird-17.0.6-1.fc18 (2013-8298)

66486 debian_DSA-2669.nasl
http://nessus.org/plugins/index.php?view=single&id=66486
Debian DSA-2669-1 : linux - privilege escalation/denial of service/information leak

66485 centos_RHSA-2013-0831.nasl
http://nessus.org/plugins/index.php?view=single&id=66485
CentOS : RHSA-2013-0831

66484 Slackware_SSA_2013-136-02.nasl
http://nessus.org/plugins/index.php?view=single&id=66484
Slackware 13.1 / 13.37 / 14.0 / current : ruby (SSA:2013-136-02)

66483 Slackware_SSA_2013-136-01.nasl
http://nessus.org/plugins/index.php?view=single&id=66483
Slackware 13.37 / 14.0 : mozilla-thunderbird x86_64 packages (SSA:2013-136-01)

------------------------------

Message: 5
Date: Sat, 18 May 2013 12:23:48 +0100
From: John Bond <john.r.bond () gmail com>
To: "dev () nmap org" <dev () nmap org>
Subject: Terra: A low-level counterpart to Lua
Message-ID: <CAAEq_+sxO9-zzzM11XM8K= dvHPwKCiWfNG6VFdvsLYXJhBkp2g () mail gmail com>
Content-Type: text/plain; charset=ISO-8859-1

Hello All,

Just came across a white paper on terra[1]

"""
Like C, Terra is a simple, statically-typed, compiled language with manual memory management. But unlike C, it is designed from the beginning to interoperate with Lua. Terra functions are first-class Lua values created using the terra keyword. When needed they are JIT-compiled to machine code.
"""

The paper is a bit beyond my level of understanding, but it seems like an interesting project. Could NSE benefit from this? Perhaps it would make a nice GSOC project, obviously for next year.

John

[1] http://terralang.org/pldi071-devito.pdf

------------------------------

Message: 6
Date: Sat, 18 May 2013 15:03:39 +0200
From: Henri Doreau <henri.doreau () gmail com>
To: Nmap dev <dev () nmap org>, David Fifield <david () bamsoftware com>
Subject: Re: Nsock test suite
Message-ID: <CAPXEBz6MJOqpsn+Hjhgo9pS0Dc= O+yrjuCu8UUf3NSCxAB1vVA () mail gmail com>
Content-Type: text/plain; charset=ISO-8859-1

2013/5/12 David Fifield <david () bamsoftware com>:
On Sat, May 11, 2013 at 02:10:04AM +0200, Henri Doreau wrote:

I hope you liked the idea. Thanks for testing it.

Can you figure out how to make these tests run from "make check" in the nsock/src directory and from the main directory?

David Fifield

I did so as of r30901, I hope it's the right way.
--
Henri

------------------------------

Subject: Digest Footer

_______________________________________________
dev mailing list
dev () nmap org
http://nmap.org/mailman/listinfo/dev

------------------------------

End of dev Digest, Vol 98, Issue 26
***********************************
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
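The check proposed in Message 2 of the quoted digest (only request SO_BROADCAST on datagram sockets), as an added example that is not part of the original thread and not Nsock's own code. It assumes POSIX sockets; set_broadcast_if_datagram(), broadcast_flag() and probe() are hypothetical names chosen for illustration.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>

enum { BCAST_ERROR = -1, BCAST_ENABLED = 0, BCAST_SKIPPED = 1 };

/* Hypothetical helper (not Nsock's mksock_set_broadcast()):
 * enable SO_BROADCAST only when the descriptor is a datagram socket. */
static int set_broadcast_if_datagram(int fd)
{
    int type = 0;
    socklen_t len = sizeof(type);
    int one = 1;

    /* Ask the kernel for the socket type rather than trusting the caller. */
    if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &type, &len) != 0)
        return BCAST_ERROR;

    /* The thread's Windows XP report shows the option being rejected with
     * error 10042 when it reaches a stream socket, so stream sockets are
     * skipped instead of being treated as a failure. */
    if (type != SOCK_DGRAM)
        return BCAST_SKIPPED;

    if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) != 0)
        return BCAST_ERROR;
    return BCAST_ENABLED;
}

/* Read the option back: 1 if set, 0 if clear, -1 if it cannot be read. */
static int broadcast_flag(int fd)
{
    int val = 0;
    socklen_t len = sizeof(val);

    if (getsockopt(fd, SOL_SOCKET, SO_BROADCAST, &val, &len) != 0)
        return -1;
    return val != 0;
}

/* Create an unconnected socket of the given type, run the helper on it and
 * report both the helper's result and the resulting option state. */
static int probe(int sock_type, int *flag_out)
{
    int fd, rc;

    *flag_out = -1;
    fd = socket(AF_INET, sock_type, 0);
    if (fd < 0)
        return BCAST_ERROR;
    rc = set_broadcast_if_datagram(fd);
    *flag_out = broadcast_flag(fd);
    close(fd);
    return rc;
}

int main(void)
{
    int flag = -1;
    int rc = probe(SOCK_DGRAM, &flag);

    printf("SOCK_DGRAM : result=%d broadcast=%d\n", rc, flag);
    rc = probe(SOCK_STREAM, &flag);
    printf("SOCK_STREAM: result=%d broadcast=%d\n", rc, flag);
    return 0;
}
```

No traffic is sent: the sockets are created, inspected and closed without being bound or connected.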