Nmap Development mailing list archives
Re: [NSE] Check for CVE-2010-4221 - ProFTPD Server stack overflow
From: Djalal Harouni <tixxdz () opendz org>
Date: Thu, 30 Jun 2011 23:32:32 +0100
On Thu, Jun 30, 2011 at 07:44:19PM +0100, Djalal Harouni wrote:
> On Thu, Jun 30, 2011 at 08:21:42PM +0200, Henri Doreau wrote:
> > 2011/6/30 Djalal Harouni <tixxdz () opendz org>:
> > > After more tests I'll commit it tomorrow, thanks.
> >
> > Thanks Djalal,
> >
> > I have successfully tested the script against the following systems
> > - ProFTPD 1.3.2rc4 on Linux x86_64 (vulnerable)
> > - ProFTPD 1.3.3b on FreeBSD x86_64 (vulnerable)
> >
> > As well as this one:
> > - ProFTPD 1.3.4rc2 (devel) on Linux x86_64 (not vulnerable)
>
> Ok, that evil packet gives us good result :)
>
> > For this last case the script doesn't generate a false positive but I get:
> > "ftp-vuln-cve2010-4221: this is not ProFTPD server." despite -sV
> > correctly detected ProFTPD. Maybe this script could offer an option to
> > force the more intrusive checks and/or use port.version.product if
> > available.
>
> I'll use that info if available otherwise we'll just force the check by
> default (even if we miss the version match).

Henri, I've committed the script as r24522, now if the script detects the
correct version it will use it to detect if it's vulnerable or not, otherwise
it will force the stack corruption check, and I didn't use the
port.version.product since it was already used in the portrule, let me know
if you have more comments.

Fyodor, I don't know if you will include this script in the 5.59BETA1, but
after a quick random scan, I can tell you that I found a lot of vulnerable
ProFTPD servers running. If you do, please update the nmap-trunk CHANGELOG,
thanks.

--
tixxdz
http://opendz.org
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/