Nmap Development mailing list archives

Possible Buffer Overflow nmap


From: Pablo Sacristan del Junco <pabstersac () gmail com>
Date: Sat, 16 Jul 2016 22:03:57 -0700

Go to the command prompt or terminal and do:
nmap 192.168.1.1 -A -Pn

Then quickly turn off wi-fi and wait for a few seconds.

It will show:

nmap(24924,0xa3d5f000) malloc: *** error for object 0x7bb61fb0: pointer
being freed was not allocated

*** set a breakpoint in malloc_error_break to debug

Abort trap: 6

syslog:
17/07/16 05:39:46,389 nmap[24505]: nmap(24505,0xa3d5f000) malloc: *** error
for object 0x7978d7a0: pointer being freed was not allocated
*** set a breakpoint in malloc_error_break to debug


That is on Mac, and it is dangerous. On other OSes it gives a segfault, which
is very dangerous.

Doing the same but turning wi-fi off later can sometimes give a
segfault:

Segmentation fault: 11


This can have undefined behavior, but if controlled it might lead to RCE or
a crash.


It can be local or external: if there is a server online that does nmap, you
can make your server open a lot of ports and then make it run nmap -A -Pn (plus more
options) against "your server ip address", and then you can attempt to take it
offline, maybe by DDoS, or, if you have access to the router, by many more
options.


This can lead to a crash or other undefined behaviour.

Platform: x86_64-apple-darwin13.4.0

Newest version of nmap

Hope it helps ;)

Sincerely,

Pablo
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
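The macOS message quoted in the report ("pointer being freed was not allocated") is libmalloc's way of saying that `free()` received an address it never handed out: a pointer into the middle of a block, a stack address, or a block that was already released. As an added example (not code from the original post or from the Nmap project), the following small C program implements a tracking allocator that flags the same defect class but returns a status code instead of aborting, so each case can be observed and checked in a test. The names `tracked_malloc`, `tracked_free`, the `free_status` codes and the 32-byte sample allocations are assumptions made for this illustration.

```c
/* Added example, not from the original post or Nmap: a tiny tracking
 * allocator that detects the invalid-free patterns behind a
 * "pointer being freed was not allocated" abort and reports them as
 * return codes rather than aborting the process. */
#include <stdio.h>
#include <stdlib.h>

#define TRACK_MAX 64

enum free_status {
    FREE_OK = 0,             /* pointer was live and is now released */
    FREE_NOT_ALLOCATED = 1,  /* interior/stack/foreign pointer */
    FREE_DOUBLE = 2          /* block was already released */
};

static void *live[TRACK_MAX];      /* addresses currently allocated here */
static void *released[TRACK_MAX];  /* addresses freed and not yet reused */
static int n_live, n_released;

void *tracked_malloc(size_t n) {
    void *p = malloc(n);
    if (p == NULL)
        return NULL;
    /* the allocator may hand back a recently freed address; it is live again */
    for (int i = 0; i < n_released; i++) {
        if (released[i] == p) {
            released[i] = released[--n_released];
            break;
        }
    }
    if (n_live < TRACK_MAX)
        live[n_live++] = p;
    return p;
}

/* Only pointers obtained from tracked_malloc are recognised; anything else
 * (including a plain malloc() result) is reported as not allocated. */
int tracked_free(void *p) {
    if (p == NULL)
        return FREE_OK;  /* free(NULL) is a legal no-op */
    for (int i = 0; i < n_live; i++) {
        if (live[i] == p) {
            live[i] = live[--n_live];
            if (n_released < TRACK_MAX)
                released[n_released++] = p;
            free(p);
            return FREE_OK;
        }
    }
    for (int i = 0; i < n_released; i++)
        if (released[i] == p)
            return FREE_DOUBLE;
    return FREE_NOT_ALLOCATED;
}

/* The well-behaved case: allocate, free once. */
int demo_valid_free(void) {
    char *buf = tracked_malloc(32);
    return tracked_free(buf);
}

/* Freeing an interior pointer (buf + 8): the classic cause of the
 * "pointer being freed was not allocated" message. */
int demo_interior_free(void) {
    char *buf = tracked_malloc(32);
    int rc = tracked_free(buf + 8);
    tracked_free(buf);  /* release the real block so the demo does not leak */
    return rc;
}

/* Freeing the same block twice: libmalloc reports this with the same
 * message once the address has left its tracked set. */
int demo_double_free(void) {
    char *buf = tracked_malloc(32);
    tracked_free(buf);
    return tracked_free(buf);
}

int main(void) {
    printf("valid free:    %d (expect %d)\n", demo_valid_free(), FREE_OK);
    printf("interior free: %d (expect %d)\n", demo_interior_free(), FREE_NOT_ALLOCATED);
    printf("double free:   %d (expect %d)\n", demo_double_free(), FREE_DOUBLE);
    return 0;
}
```

For triaging a real crash like the one reported, the equivalent production tools are AddressSanitizer (build with `-fsanitize=address`, which names the exact allocation and both free sites) and, on macOS, the libmalloc debugging environment variables such as `MallocStackLogging`, which make the `malloc_error_break` breakpoint mentioned in the log useful by recording where each block was allocated and freed.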
