Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: nmap-4.60 detects cups-1.3.7 under Gentoo Linux as "CUPS 1.2"
From: Sven Klemm <sven () c3d2 de>
Date: Tue, 03 Jun 2008 17:03:47 +0200

Hi

Hi Toralf.  These sort of corrections are very useful for us.  But we
need some further information to apply them.  And we have an easy
submission form which keeps them all in one place.  See:

this is a bug/feature in CUPS it reports the wrong version in the http server header. Changing the order of the cups probes in the nmap-service-probes file fixes the issue and results in the exact version being reported.
I've attached a patch that fixes the issue.

Cheers,
Sven

--
Sven Klemm
http://cthulhu.c3d2.de/~sven/

Index: nmap-service-probes
===================================================================
--- nmap-service-probes (revision 7895)
+++ nmap-service-probes (working copy)
@@ -4762,8 +4762,8 @@
 match imap m|^\* OK Gimap ready for requests from [\d\.]+ ([\w\d]+)| p/Google Gmail imapd/ i/$1/
 
 # Server: CUPS/1.1
+match ipp m|^HTTP/1\.0 \d\d\d .*<TITLE>Home - CUPS ([\d.]+)</TITLE>.*SUMMARY=\"Common UNIX Printing System|s p/CUPS/ 
v/$1/
 match ipp m|^HTTP/1\.0 \d\d\d .*\r\nServer: CUPS/([-\w_.]+)|s p/CUPS/ v/$1/
-match ipp m|^HTTP/1\.0 \d\d\d .*<TITLE>Home - CUPS ([\d.]+)</TITLE>.*SUMMARY=\"Common UNIX Printing System|s p/CUPS/ 
v/$1/
 match ipp m|^lpd \[ () [- \w]+\]: Host name for your address \([:.\d]+\) is not known\n$| p/CUPS/
 match ipp m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: EPSON-IPP/([\d.]+)\r\nContent-Type: 
application/ipp\r\nContent-Length: \d+\r\n\r\n| p/Epson ippd/ v/$1/ d/print server/
 match ipp m|^HTTP/1\.0 404 Not Found\r\nCache-Control: no-cache\r\nDate: .*\r\nPragma: no-cache\r\nContent-Type: 
text/html\r\nContent-Length: 91\r\nServer: Web-Server/([\d.]+)\r\n\r\n<HTML><HEAD><TITLE>404 Not 
Found</TITLE></HEAD>\n<BODY><H1>404 Not Found</H1></BODY></HTML>\0| p/NRG copier or Ricoh Afficio/ i/Embedded 
Web-Server $1/ d/printer/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault