Re: [nmap-svn] r28044 - nmap

[David Fifield <david () bamsoftware com>]

On Fri, Feb 10, 2012 at 01:00:09AM -0800, commit-mailer () insecure org wrote:
> Author: henri
> Date: Fri Feb 10 01:00:08 2012
> New Revision: 28044
>
> Log:
> Updated CPEs for VMWare ESX and ESXi after discussions with NIST regarding
> consistency of the official CPE (and related CVE) names for VMWare ESX and ESXi.
>
>   * As ESXi is a bare-metal hypervisor, the official CPEs will be moved from "a"
>     to "o" category (which nmap already used).
>
>   * cpe:/a:vmware:esx_server will be re-mapped to cpe:/o:vmware:esx for
>     consistency.
>
>   * CPE dictionary and CVE database will soon be updated accordingly by NIST.
>
> This commit also adds distinction between ESX and ESXi.
>
>
>  Fingerprint VMware ESX Server 3.0.2
>  Class VMware | ESX Server | 3.X | specialized
> -CPE cpe:/o:vmware:esx_server:3 auto
> +CPE cpe:/o:vmware:esx:3.0:2
>  SEQ(SP=FD-107%GCD=1-6%ISR=105-113%TI=Z%II=I%TS=7)
>  OPS(O1=M5B4NW1NNT11%O2=M5B4NW1NNT11%O3=M5B4NW1NNT11%O4=M5B4NW1NNT11%O5=M5B4NW1NNT11%O6=M5B4NNT11)
>  WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FFFF)
>  ...
>  Fingerprint VMware ESXi Server 3.5
>  Class VMware | ESX Server | 3.X | specialized
> -CPE cpe:/o:vmware:esx_server:3 auto
> +CPE cpe:/o:vmware:esxi:3.5
>  SEQ(SP=F6-106%GCD=1-6%ISR=104-10E%TI=Z%CI=RI%TS=7)
>  OPS(O1=M5B4NW1NNT11%O2=M5B4NW1NNT11%O3=M5B4NW1NNT11%O4=M5B4NW1NNT11%O5=M5B4NW1NNT11%O6=M5B4NNT11)
>  WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FFFF)

Based on what you wrote, it seems we should also add a new Nmap class
"ESXi" (instead of "ESX Server")? If you think so, would you do that
too?

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/