Re: Nmap 4.85BETA7 Overflow

[Daniel Roethlisberger <daniel () roe ch>]

Otávio <octpos () gmail com> 2009-04-16:
> I was running nmap to see some remote server information, and after some
> second, the scan resulted in a overflow.
> That's some known issue?

Yes, this should be fixed in r12974.  It's actually a runtime
linker problem (symbol name collision), not an overflow.

> The same parameters didn't resulted in overflow in other servers, so I'm
> sniffing the server response to see if I get some think .

I believe it only happens when Nmap negotiates an SSL/TLS
connection with DEFLATE compression.

> Here's the gdb backtrack:
>
> (gdb) run -A -T4   (*)
> The program being debugged has been started already.
> Start it from the beginning? (y or n) y
> Starting program: /usr/local/bin/nmap -A -T4   (*)
> (no debugging symbols found)
> (no debugging symbols found)
> (no debugging symbols found)
>
> Starting Nmap 4.85BETA7 ( http://nmap.org ) at 2009-04-15 22:42 BRT
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x080c1cc3 in adler32 ()
> (gdb) bt
> #0  0x080c1cc3 in adler32 ()
> #1  0xb7a70119 in inflate () from /usr/lib/libz.so.1
> #2  0xb7e08da8 in ?? () from /usr/lib/i686/cmov/libcrypto.so.0.9.8
> #3  0x0c823b18 in ?? ()
>  #4  0x00000002 in ?? ()
> #5  0x00000000 in ?? ()
> (gdb)

-- 
Daniel Roethlisberger
http://daniel.roe.ch/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org