Nmap Development mailing list archives
Re: Crash in libssh with certain SSH scripts
From: Daniel Cater <djcater () gmail com>
Date: Mon, 25 Jun 2018 21:46:55 +0100
Hello,

Is there anyone who can help with this? I've created a minimised test case to help reproduce the issue which is in the GitHub ticket mentioned below.

Thanks.

On Mon, 28 May 2018 at 19:27, Daniel Cater <djcater () gmail com> wrote:
Hello,

$ nmap -V
Nmap version 7.70 ( https://nmap.org )
Platform: x86_64-unknown-linux-gnu
Compiled with: nmap-liblua-5.3.3 openssl-1.0.2g nmap-libssh2-1.8.0 libz-1.2.8 libpcre-8.38 libpcap-1.7.4 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select

On a job recently Nmap 7.70 kept crashing during the NSE phase, and after a while of debugging it, I narrowed it down to one particular host with TCP port 22 open. From there, I narrowed it down to a couple of non-default SSH scripts that I had added in: ssh-publickey-acceptance and ssh-auth-methods.

When connecting to the port with the ssh command on Linux, or even just with ncat, it just responds with a message like "\nConnection refused", possibly suggesting some application-layer IP address filtering.

I replicated the response with ncat and created a minimised test case. The leading newline appears to be relevant. I've included the relevant commands for ncat and Nmap, and the debugging output here in GitHub: https://github.com/nmap/nmap/issues/1227

I'm not sure if there's a vulnerability here, but sometimes the crash does mention a double free.

I would appreciate if someone who knows more about the recent libssh integration could have a look and try and fix it. If there's any more info I can provide to help, please let me know.

Thank you.
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/