Nmap Development mailing list archives
Re: Openssh version detect may be inaccurate
From: Daniel Miller <bonsaiviking () gmail com>
Date: Mon, 22 Jun 2015 07:36:05 -0500
I do agree this version line could use some work, but I actually disagree that "Ubuntu-2ubuntu2" should be in the version field. The reason is that this is build information, not version information. When we build the CPE identifier for OpenSSH, it should contain the version that was released by the OpenSSH project. Build information from the Ubuntu package maintainers should probably go into the "extra info" field.

I'm not going to take immediate action on this because it would require changing a lot of other fingerprints to match the new schema, but I would support someone else if they decided to undertake the task.

Dan

On Sun, Jun 21, 2015 at 10:16 PM, kid dragon <idragonkid () gmail com> wrote:
Dear all,

I found a match string of OpenSSH may be inaccurate. The origin banner is

```
SSH-2.0-OpenSSH=5F6.6.1p1=20Ubuntu-2ubuntu2=0D=0A
```

Nmap detects the version of this banner as `6.6.1p1 Ubuntu 2ubuntu2`. But I think this version may be `6.6.1p1-2ubuntu2`, because I get the version like this (although not definitely is) from [1] rather than `6.6.1p1 Ubuntu 2ubuntu2`.

The nmap-service-probes match string is

```
match ssh m|^SSH-([\d.]+)-OpenSSH_([\w._-]+)[ -]{1,2}Ubuntu[ -_]([^\r\n]+)\r\n| p/OpenSSH/ v/$2 Ubuntu $3/ i/Ubuntu Linux; protocol $1/ o/Linux/ cpe:/a:openbsd:openssh:$2/ cpe:/o:canonical:ubuntu_linux/ cpe:/o:linux:linux_kernel/
```

But I think the match string above may be

```
match ssh m|^SSH-([\d.]+)-OpenSSH_([\w._-]+)[ -]{1,2}Ubuntu[ -_]([^\r\n]+)\r\n| p/OpenSSH/ v/$2-$3/ i/Ubuntu Linux; protocol $1/ o/Linux/ cpe:/a:openbsd:openssh:$2/ cpe:/o:canonical:ubuntu_linux/ cpe:/o:linux:linux_kernel/
```

Is it right?

[1] https://launchpad.net/ubuntu/+source/openssh/1:6.6p1-2ubuntu2

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
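Added example (not part of either message and not Nmap's own code): the match pattern from the thread applied in Python to the posted banner, reading its =5F, =20 and =0D=0A as quoted-printable escapes, to compare the version, extra-info and CPE fields under each template. The `build_in_info` template and the names `SCHEMAS`, `expand` and `detect` are assumptions made for illustration.

```python
import quopri
import re

# Match pattern copied from the nmap-service-probes line quoted in the thread.
# Note: inside a character class, " -_" is a range (0x20 through 0x5F).
PATTERN = re.compile(
    r"^SSH-([\d.]+)-OpenSSH_([\w._-]+)[ -]{1,2}Ubuntu[ -_]([^\r\n]+)\r\n"
)

# Version-info templates under discussion. "current" and "proposed" are from
# the thread; "build_in_info" is a hypothetical layout (an assumption) for
# moving the package build string into the extra-info field.
SCHEMAS = {
    "current": {"v": "$2 Ubuntu $3", "i": "Ubuntu Linux; protocol $1"},
    "proposed": {"v": "$2-$3", "i": "Ubuntu Linux; protocol $1"},
    "build_in_info": {"v": "$2", "i": "Ubuntu Linux $3; protocol $1"},
}
CPE_TEMPLATE = "cpe:/a:openbsd:openssh:$2"


def expand(template, match):
    """Substitute $N placeholders with the Nth capture group."""
    return re.sub(r"\$(\d)", lambda m: match.group(int(m.group(1))), template)


def detect(banner, schema):
    """Return product, version, info and CPE for one banner, or None."""
    match = PATTERN.match(banner)
    if match is None:
        return None
    fields = SCHEMAS[schema]
    return {
        "product": "OpenSSH",
        "version": expand(fields["v"], match),
        "info": expand(fields["i"], match),
        "cpe": expand(CPE_TEMPLATE, match),
    }


# Banner as posted, with its =5F, =20, =0D=0A escapes decoded.
POSTED = b"SSH-2.0-OpenSSH=5F6.6.1p1=20Ubuntu-2ubuntu2=0D=0A"
BANNER = quopri.decodestring(POSTED).decode("ascii")

if __name__ == "__main__":
    for name in SCHEMAS:
        print(name, detect(BANNER, name))
```

The CPE string is built from `$2` alone in every schema, so only the human-readable version and extra-info fields differ between them.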
Current thread:
- Openssh version detect may be inaccurate kid dragon (Jun 09)
- <Possible follow-ups>
- Openssh version detect may be inaccurate kid dragon (Jun 21)
- Re: Openssh version detect may be inaccurate Daniel Miller (Jun 22)