Nmap Development mailing list archives
Re: nmap's service discovery crashable
From: Jacek Wielemborek <d33tah () gmail com>
Date: Tue, 15 Apr 2014 15:58:29 +0200
15/04/2014 15:57:26 Jacek Wielemborek <d33tah () gmail com>:
Hello, While trying to trick Nmap into printing non-ASCII characters from the payloads in service discovery mode, I stumbled upon a bug. Here's how to reproduce it: ncat -l 31337 -k --sh-exec "/bin/echo -en '\x00\x03sok\0.n\0\0\x33\x33\x33\x33\x33\x33\x33\x33'" & nmap localhost -p 31337 -sV --version-intensity 9 Yours, Jacek Wielemborek
Ah, sorry, forgot to include the output: Starting Nmap 6.40 ( http://nmap.org ) at 2014-04-15 15:58 CEST nmap: service_scan.cc:758: char* substvar(char*, char**, const u8*, int, int*, int): Assertion `offstart >= 0 && offstart < subjectlen' failed. zsh: abort nmap localhost -p 31337 -sV --version-intensity 9
Attachment:
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- nmap's service discovery crashable Jacek Wielemborek (Apr 15)
- Re: nmap's service discovery crashable Jacek Wielemborek (Apr 15)
- Re: nmap's service discovery crashable Daniel Miller (Apr 15)
- Re: nmap's service discovery crashable Daniel Miller (Apr 15)
- Re: nmap's service discovery crashable Daniel Miller (Apr 15)
- Re: nmap's service discovery crashable Daniel Miller (Apr 15)
- Re: nmap's service discovery crashable Jacek Wielemborek (Apr 15)