Nmap Development mailing list archives

Re: Service fingerprint update / fix for libssh (patch)


From: David Fifield <david () bamsoftware com>
Date: Thu, 18 Oct 2018 09:05:24 -0600

On Tue, Oct 16, 2018 at 11:38:50PM +0000, Brandon Enright via dev wrote:
> It seems some versions of libssh use an underscore as the separator
> character for the version like so:
>
> SF:L,16,"SSH-2\.0-libssh_0\.7\.5\r\n");
>
> Attached is a patch that allows both an underscore and hyphen so that
> the fingerprint matches more versions.

Looks right to me.
https://git.libssh.org/projects/libssh.git/tree/include/libssh/priv.h?id=60037f327540f9ff2255cb6cc6bba78ea1f066b9#n159
        #ifndef CLIENT_BANNER_SSH2
        #define CLIENT_BANNER_SSH2 "SSH-2.0-libssh_" SSH_STRINGIFY(LIBSSH_VERSION)
        #endif /* CLIENT_BANNER_SSH2 */
It's called "CLIENT"_BANNER_SSH2 but it's also sent by the server code.

It switched from hyphen to underscore in 2016 (released 2017 in version 0.7.4).
https://git.libssh.org/projects/libssh.git/commit/?id=b5ce15eefa5b3e949d71a640cf03a0c0f42805ae
         #ifndef CLIENTBANNER1
        -#define CLIENTBANNER1 "SSH-1.5-libssh-" SSH_STRINGIFY(LIBSSH_VERSION)
        +#define CLIENTBANNER1 "SSH-1.5-libssh_" SSH_STRINGIFY(LIBSSH_VERSION)
         #endif
         #ifndef CLIENTBANNER2
        -#define CLIENTBANNER2 "SSH-2.0-libssh-" SSH_STRINGIFY(LIBSSH_VERSION)
        +#define CLIENTBANNER2 "SSH-2.0-libssh_" SSH_STRINGIFY(LIBSSH_VERSION)
         #endif
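Review bot: the two changed defines, CLIENTBANNER1 and CLIENTBANNER2, alter the identification string that every peer sees, yet nothing beside them records why the separator changed. A one-line comment above them would help, for example noting that RFC 4253 section 4.2 does not allow a minus sign in the softwareversion field, if that is the reason. The change also deserves a release-note entry, because anything that matches on "libssh-" stops matching afterwards.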
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
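
The separator fix discussed in this thread, as an added Python example (not part of the original message and not the match line from Nmap's probe file): a banner matcher that accepts both the hyphen and the underscore, compared with a hyphen-only form. The regex, the function names and every sample banner except the one quoted in the thread are constructed for illustration.

```python
import re

# Illustrative pattern written for this example, not copied from nmap-service-probes.
# SSH identification string: SSH-<protoversion>-<softwareversion>[ SP comments] CR LF
LIBSSH_BANNER = re.compile(
    rb"^SSH-(?P<proto>[\d.]+)-libssh(?P<sep>[-_])(?P<version>\d+(?:\.\d+)*)"
    rb"(?: [^\r\n]*)?\r?\n"
)

# Narrower form that only knows the older hyphen separator.
HYPHEN_ONLY = re.compile(rb"^SSH-([\d.]+)-libssh-(\d+(?:\.\d+)*)(?: [^\r\n]*)?\r?\n")


def parse_libssh_banner(raw: bytes):
    """Return protocol, separator and version for a libssh banner, else None."""
    m = LIBSSH_BANNER.match(raw)
    if m is None:
        return None
    return {
        "protocol": m.group("proto").decode("ascii"),
        "separator": m.group("sep").decode("ascii"),
        "version": m.group("version").decode("ascii"),
    }


def hyphen_only_version(raw: bytes):
    """Version string if the hyphen-only pattern matches, else None."""
    m = HYPHEN_ONLY.match(raw)
    return m.group(2).decode("ascii") if m else None


# Sample banners: the first is the one quoted in the thread, the rest are constructed.
SAMPLES = [
    b"SSH-2.0-libssh_0.7.5\r\n",   # underscore separator
    b"SSH-2.0-libssh-0.7.3\r\n",   # hyphen separator (constructed)
    b"SSH-2.0-libssh2_1.8.0\r\n",  # different library, must not match (constructed)
    b"SSH-2.0-OpenSSH_7.4\r\n",    # unrelated server (constructed)
]

if __name__ == "__main__":
    for banner in SAMPLES:
        print(banner, parse_libssh_banner(banner), hyphen_only_version(banner))
```

The `libssh2` sample shows why the separator is matched immediately after the literal `libssh`: a looser pattern would attribute another library's banner to libssh.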

