Nmap Development mailing list archives

Re: Nmap 6.45 Informal Release


From: Daniel Miller <bonsaiviking () gmail com>
Date: Sun, 13 Apr 2014 06:55:17 -0500

Patrik,

I saw that commit, but I was confused: Won't this reintroduce the problem
Brendan was having with large heartbeat responses? I specifically chose
0x0fe9 as the smallest request that would reliably get a response from the
openssl s_server tool, but I'm open to correction if you have evidence of
better support for a different size.

I don't know if IDS detection would be a concern, but using 0x4000 makes us
send the exact probe that everyone is matching against. Also of note,
apparently changing the heartbeat payload size is a way for an attacker to
select memory from a different area, since the OpenSSL allocator reuses
chunks of memory by size.

Dan


On Sun, Apr 13, 2014 at 6:21 AM, Patrik Karlsson <patrik () cqure net> wrote:

Fyodor,

I think the change to the requested size that I committed as r32828 fixes
an important bug and should probably make it into the release unless
someone disagrees.

Thanks,
Patrik


On Sat, Apr 12, 2014 at 4:54 PM, Fyodor <fyodor () nmap org> wrote:

Hi Folks!  Late last night we posted Nmap version 6.45 to the web site.  It
includes Patrik's excellent ssl-heartbleed script for detecting vulnerable
SSL servers (http://nmap.org/nsedoc/scripts/ssl-heartbleed.html) and also
Rob Nicholls' super quick update of our Windows OpenSSL binaries to help
keep Nmap users safe from the same issue.  We never shipped vulnerable
OpenSSL libraries with our Linux or Mac packages, and our new 6.45 Windows
packages are now linked to a secure version (1.0.1g).

This release also includes tons of other major improvements we made over
the last 8 months since the 6.40 release.  Some of the improvements can be
found in the raw-format CHANGELOG (http://nmap.org/changelog.html) and I'm
working on cleaned up release notes now.

Please give it a try and let me know if you find any problems.  If all
seems well, I'll announce the release more prominently early next week.

Cheers,
Fyodor
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/




--
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
http://www.linkedin.com/in/nevdull77
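
The point raised in the thread about IDS rules matching the exact 0x4000 probe can be shown with a small detector (an added example, not part of the thread or of Nmap's code). It assumes cleartext heartbeat records captured before encryption starts; the helper names and the sample stream are constructed for illustration, and it compares a fixed-size signature with the RFC 6520 length check.

```python
import struct

HEARTBEAT_CT = 0x18   # TLS record content type: heartbeat (RFC 6520)
HB_REQUEST = 0x01     # HeartbeatMessageType: heartbeat_request
MIN_PADDING = 16      # RFC 6520 requires at least 16 bytes of padding

def parse_heartbeat_requests(stream: bytes):
    """Yield (claimed_len, record_len, oversized) for each heartbeat request."""
    off = 0
    while off + 5 <= len(stream):
        ctype, _version, rec_len = struct.unpack_from("!BHH", stream, off)
        body = stream[off + 5 : off + 5 + rec_len]
        off += 5 + rec_len
        if ctype != HEARTBEAT_CT or len(body) < 3 or len(body) < rec_len:
            continue  # other record type, or truncated capture
        hb_type, claimed = struct.unpack_from("!BH", body, 0)
        if hb_type != HB_REQUEST:
            continue
        # type(1) + length(2) + payload + padding must fit inside the record
        oversized = 1 + 2 + claimed + MIN_PADDING > rec_len
        yield claimed, rec_len, oversized

def exact_size_signature(stream: bytes):
    """Brittle rule: alert only on the one well-known claimed length."""
    return [c for c, _, _ in parse_heartbeat_requests(stream) if c == 0x4000]

def structural_rule(stream: bytes):
    """Size-independent rule: alert when the claim exceeds the record."""
    return [c for c, _, bad in parse_heartbeat_requests(stream) if bad]

# --- constructed sample capture (not real traffic) ---
def _record(ctype: int, body: bytes, version: int = 0x0302) -> bytes:
    return struct.pack("!BHH", ctype, version, len(body)) + body

def _heartbeat(claimed: int, payload: bytes = b"", padding: bytes = b"") -> bytes:
    body = struct.pack("!BH", HB_REQUEST, claimed) + payload + padding
    return _record(HEARTBEAT_CT, body)

SAMPLE = (
    _record(0x16, b"\x00" * 4)                 # unrelated record, skipped
    + _heartbeat(8, b"A" * 8, b"\x00" * 16)    # well-formed request
    + _heartbeat(0x4000)                       # claim far larger than record
    + _heartbeat(0x0FE9)                       # different size, same flaw
)

if __name__ == "__main__":
    print("exact-size signature:", [hex(c) for c in exact_size_signature(SAMPLE)])
    print("structural rule:     ", [hex(c) for c in structural_rule(SAMPLE)])
```

The fixed-size rule misses the 0x0fe9 request, while the length check flags both malformed requests and leaves the well-formed one alone.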