Nmap Development mailing list archives

Never ending RPC scripts


From: Henri Doreau <henri.doreau () gmail com>
Date: Sat, 20 Oct 2012 02:09:02 +0200

Hi,

I noticed that nmap gets DoSed when scanning a chargen spitting zeroes
(haven't tried other subtleties). By DoSed I mean infinite loop in
rpc.lua and significant CPU consumption if network is fast enough.

To reproduce:

target:~$ ncat --keep-open -l 4444 < /dev/zero
scanner:~$ nmap -sV target

(reproducer works fine with target being localhost too).

Basically, the data is being ignored by ReceivePacket()
(nselib/rpc.lua) and the RPC decoding process never actually starts.

I mitigated the issue using the patch attached that limits iterations
to an (arbitrary) chosen number. It's not checked in as I haven't
checked yet whether RFCs specify a cleaner way to do these receiving
operations (suggestions are welcome).

Regards.

-- 
Henri

Attachment: nserpc_loop_fix.diff

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
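The receive loop Henri describes is the RFC 5531 section 11 record-marking loop: each TCP fragment carries a 4-byte header whose high bit flags the last fragment and whose low 31 bits give the fragment length, so an all-zero stream is an endless run of empty non-final fragments. The following is an added example, not from this post and not nmap's own rpc.lua (it is Python rather than NSE Lua), showing a receiver that bounds both the fragment count and the reassembled size; the ZeroStream class stands in for the `ncat --keep-open -l 4444 < /dev/zero` target, and the limits of 32 fragments and 1 MiB are arbitrary assumptions, as is the oversized-fragment check, which goes beyond the zero case in the post:

```python
import io
import struct

# RFC 5531 section 11 "Record Marking Standard": a 4-byte big-endian
# header precedes every fragment; the high bit marks the last fragment
# of the record, the remaining 31 bits hold the fragment length.
LAST_FRAGMENT = 0x80000000
LENGTH_MASK = 0x7FFFFFFF

# Constructed two-fragment record: "hello" (more follows) + " world" (last).
VALID_RECORD = b"\x00\x00\x00\x05hello" + b"\x80\x00\x00\x06 world"


class RpcReceiveError(Exception):
    """Raised when a record cannot be reassembled within the configured bounds."""


class ZeroStream:
    """Constructed stand-in for the reproducer's target: a peer that answers
    every read with zero bytes forever, like ncat serving /dev/zero."""

    def __init__(self):
        self.bytes_read = 0

    def read(self, n):
        self.bytes_read += n
        return b"\x00" * n


def bytes_stream(data):
    """Wrap constructed bytes in a read(n)-capable object."""
    return io.BytesIO(data)


def receive_record(stream, max_fragments=32, max_bytes=1 << 20):
    """Reassemble one RPC record from a stream exposing read(n).

    Each iteration consumes one fragment header and body. Without the
    fragment-count bound, a stream of zeros (header 0x00000000: not last,
    length 0) would keep this loop spinning forever while reassembling
    nothing; without the size bound a single 0x7FFFFFFF header would ask
    for 2 GiB. Both limits are assumed values, not nmap's.
    """
    record = bytearray()
    for _ in range(max_fragments):
        header = stream.read(4)
        if len(header) < 4:
            raise RpcReceiveError("stream ended inside fragment header")
        (marker,) = struct.unpack(">I", header)
        length = marker & LENGTH_MASK
        if len(record) + length > max_bytes:
            raise RpcReceiveError("record exceeds %d bytes" % max_bytes)
        payload = stream.read(length)
        if len(payload) < length:
            raise RpcReceiveError("stream ended inside fragment body")
        record += payload
        if marker & LAST_FRAGMENT:
            return bytes(record)
    raise RpcReceiveError(
        "no last-fragment marker after %d fragments" % max_fragments)


def describe_receive(stream, **limits):
    """Run receive_record and report the outcome as a (status, detail) pair."""
    try:
        return ("ok", receive_record(stream, **limits))
    except RpcReceiveError as exc:
        return ("error", str(exc))


if __name__ == "__main__":
    print(describe_receive(bytes_stream(VALID_RECORD)))
    zeros = ZeroStream()
    print(describe_receive(zeros), "bytes consumed:", zeros.bytes_read)
    print(describe_receive(bytes_stream(b"\x7f\xff\xff\xff")))
```

Against the zero stream the bounded receiver gives up after 32 empty fragments (128 bytes) instead of spinning; the same loop still reassembles a well-formed multi-fragment record, and it refuses a truncated stream or an absurd fragment length before allocating for it.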