Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: Conficker scanning with nmap
From: Lionel Cons <lionel.cons () cern ch>
Date: Wed, 1 Apr 2009 10:54:07 +0200

Brandon Enright writes:
I've never been able to reproduce the problem myself and I've tested
against a *lot* of machines/devices so either the version of OpenSSL
I'm running doesn't have the same assert() or the error condition to
trigger data_len = 0 is somewhat involved.

Indeed, it seems it got fixed at some point last year:

http://cvs.openssl.org/filediff?f=openssl/crypto/evp/evp_enc.c&v1=1.45&v2=1.46

However, Nmap should probably be backward compatible and workaround
this "feature" of older OpenSSL releases...

Cheers,

Lionel

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault