Nmap Development mailing list archives

Re: [NSE] New script and email update patch


From: Henri Doreau <henri.doreau () greenbone net>
Date: Thu, 25 Aug 2011 15:19:22 +0200

2011/8/21 Duarte Silva <duarte.silva () serializing me>:
Hi,

I have a new script and need some feedback. It's based on a pretty recent
Full-Disclosure thread [1], from the script description:

Verifies if a host running Apache HTTP server might be vulnerable to a memory
exhaustion based DoS. The script sends a HEAD request that only accepts gzip
encoding, triggering the Apache mod_gzip/mod_deflate module. If the server
responds with a 206 status code, then it is highly probable that the server is
vulnerable.

[1] http://seclists.org/fulldisclosure/2011/Aug/175

New script and patch in the attachments as usual, regards
Duarte Silva

Hello,

Thanks for this new script; please find my comments about it below.
  - Unless there is a special need (which I can't see) for parsing the
command line in the portrule, you should do this at the beginning of
the action function instead. This will simplify your portrule function
(to "portrule = shortport.http"), and you can then also reduce the
scope of script_opts to the action function.
  - Please use stdnse.format_output[1] instead of strjoin(), if
possible, to produce your results. This helps keep the output
consistent.
  - I would also suggest renaming the script to
http-vuln-cve2011-3192.nse, as we did for other vulnerability
detection scripts. (I think that this is the CVE for the vuln this
script tries to detect, but one might want to check that.)

As a side note, if you want to use shortport.http in your portrule
function, don't simply return shortport.http. You need to actually
call it, like:
"""
portrule = function(host, port)
    -- do stuff...
    return shortport.http(host, port)
end
"""

Regards.

[1] http://nmap.org/nsedoc/lib/stdnse.html#format_output


-- 
Henri
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
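To make the three review points above concrete, here is a skeleton NSE script laid out the way Henri suggests (added example written for this archive page, not the script Duarte attached or any script shipped with Nmap). It assumes a hypothetical script argument named after the script with a ".path" suffix and uses only the standard NSE libraries http, shortport and stdnse.

```lua
-- Hypothetical NSE script skeleton following the review comments in the
-- thread above. This is an added illustration, not the submitted script.
local http = require "http"
local shortport = require "shortport"
local stdnse = require "stdnse"

description = [[
Sends a HEAD request that only accepts gzip encoding and reports whether
the server answered with a 206 status, as described in the thread.
]]

author = "example"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"vuln", "safe"}

-- Point 1: no argument parsing in the portrule, so the library function
-- can be assigned directly instead of wrapped in our own function.
portrule = shortport.http

action = function(host, port)
  -- Script options are read at the start of action(), which keeps their
  -- scope limited to the code that actually uses them.
  -- SCRIPT_NAME .. ".path" is an assumed argument name for this example.
  local path = stdnse.get_script_args(SCRIPT_NAME .. ".path") or "/"

  -- HEAD request that only accepts gzip encoding (the check the
  -- script description talks about).
  local response = http.head(host, port, path,
    { header = { ["Accept-Encoding"] = "gzip" } })

  if not response or not response.status then
    return nil  -- no usable answer, print nothing
  end

  -- Point 2: collect result lines in a table and hand them to
  -- stdnse.format_output rather than joining strings by hand.
  local out = {}
  table.insert(out, ("Request path: %s"):format(path))
  table.insert(out, ("Response status: %d"):format(response.status))
  if response.status == 206 then
    table.insert(out, "206 to a gzip-only HEAD request: server is probably affected")
  else
    table.insert(out, "No 206 response: server is probably not affected")
  end
  return stdnse.format_output(true, out)
end
```

Point 3 (the file name) is not visible in the code: the file would be saved as http-vuln-cve2011-3192.nse, which is also what SCRIPT_NAME resolves to at run time.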
