Nmap Development mailing list archives
Re: Nmap 4.85BETA7 Overflow
From: Daniel Roethlisberger <daniel () roe ch>
Date: Thu, 16 Apr 2009 14:50:19 +0200
Otávio <octpos () gmail com> 2009-04-16:
I was running nmap to see some remote server information, and after some seconds the scan resulted in an overflow. Is that a known issue?
Yes, this should be fixed in r12974. It's actually a runtime linker problem (symbol name collision), not an overflow.
The same parameters didn't result in an overflow on other servers, so I'm sniffing the server response to see if I get something.
I believe it only happens when Nmap negotiates an SSL/TLS connection with DEFLATE compression.
Here's the gdb backtrace:

(gdb) run -A -T4 (*)
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /usr/local/bin/nmap -A -T4 (*)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)

Starting Nmap 4.85BETA7 ( http://nmap.org ) at 2009-04-15 22:42 BRT

Program received signal SIGSEGV, Segmentation fault.
0x080c1cc3 in adler32 ()
(gdb) bt
#0  0x080c1cc3 in adler32 ()
#1  0xb7a70119 in inflate () from /usr/lib/libz.so.1
#2  0xb7e08da8 in ?? () from /usr/lib/i686/cmov/libcrypto.so.0.9.8
#3  0x0c823b18 in ?? ()
#4  0x00000002 in ?? ()
#5  0x00000000 in ?? ()
(gdb)
--
Daniel Roethlisberger
http://daniel.roe.ch/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org