Re: [nmap-svn] r31576 (Nmap NSE vulnerability)

[Jacek Wielemborek <d33tah () gmail com>]

29.07.2013 08:19, commit-mailer () nmap org:
> Author: fyodor
> Date: Mon Jul 29 06:19:24 2013
> New Revision: 31576
>
> Log:
> o [NSE] Oops, there was a vulnerability in one of our 437 NSE scripts.
>   If you ran the (fortunately non-default) http-domino-enum-passwords
>   script with the (fortunately also non-default)
>   domino-enum-passwords.idpath parameter against a malicious server,
>   it could cause an arbitrarily named file to to be written to the
>   client system.  Thanks to Trustwave researcher Piotr Duszynski for
>   discovering and reporting the problem.  We've fixed that script, and
>   also updated several other scripts to use a new
>   stdnse.filename_escape function for extra safety.  This breaks our
>   record of never having a vulnerability in the 16 years that Nmap has
>   existed, but that's still a fairly good run. [David, Fyodor]

I found this while reading Nmap's license headers:

>  * Source is provided to this software because we believe users have a     *
>  * right to know exactly what a program is going to do before they run it. *
>  * This also allows you to audit the software for security holes (none     *
>  * have been found so far).                                                *

Perhaps it would be appropriate to remove the "(none have been found so
far)" part?

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/