Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: Conficker scanning with nmap
From: Ron <ron () skullsecurity net>
Date: Thu, 02 Apr 2009 07:32:45 -0500

Lionel Cons wrote:
David Fifield <david () bamsoftware com> writes:
I think we should just avoid calling EVP_EncryptUpdate when data_len == 0.

I fully support this. Nmap (including the OpenSSL LUA library) should
not crash so easily. The comment associated with the OpenSSL patch is
very relevant:

  Check-in [17371]: Don't use assertions to check application-provided
  arguments; and don't unnecessarily fail on input size 0.

Cheers,

Lionel

I added a workaround for Beta7 -- if the server signature is 0-bytes
long (which breaks protocol anyways -- signature should always be 8),
it'll intentionally fail the login. AFter the failed login, it falls
back to using the anonymous account (anonymous doesn't require any
encryption).

I tried checking for the error condition by wrapping openssl.encrypt()
inside a pcall(), but because they're using assertions it still aborts
the program.

Ron


-- 
Ron Bowes
http://www.skullsecurity.org/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault