Bugtraq: Re: Arbitrary code execution in eping plugin

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Arbitrary code execution in eping plugin

From: Christoph 'knurd' Jeschke <christoph.jeschke () gmail com>
Date: Tue, 14 Jun 2005 22:55:08 +0200

Jonathan Angliss schrieb:

Won't match IPv6 addresses, but neither will the original code, and it
matches IP addresses perfectly I believe.


My Suggestion for IPv4 is:

^(?!0+\.0+\.0+\.0+$)([01]?\d{1,2}|2[0-2][0-3])\.([01]?\d{1,2}|2[0-4]\d|25[0-5])\.([01]?\d{1,2}|2[0-4]\d|25[0-5])\.([01]?\d{1,2}|2[0-4]\d|25[0-5])$

So 0.0.0.0 (Internet) doesn't match, just as 224.0.0.0/4 (Multicast) and
240.0.0.0/4 (Future Use) as described in RFC3330.

(based on the Regex from Mastering Regular Expression, Jeffrey E.F. Friedl)

Any further suggestions?

By Date By Thread

Current thread:

Arbitrary code execution in eping plugin y0int (Jun 09)
- Re: Arbitrary code execution in eping plugin Oliver Monneke (Jun 13)
  - Re: Arbitrary code execution in eping plugin Jonathan Angliss (Jun 14)
    - Re: Arbitrary code execution in eping plugin Christoph 'knurd' Jeschke (Jun 14)
    - Re: Arbitrary code execution in eping plugin Anders Henke (Jun 15)
- <Possible follow-ups>
- Re: Arbitrary code execution in eping plugin oliver (Jun 11)
  - Re: Arbitrary code execution in eping plugin Sam Michaels (Jun 13)
  - Re: Arbitrary code execution in eping plugin exon (Jun 13)