
Nmap Development mailing list archives

Re: nmap-dev Digest, Vol 74, Issue 5
From: alfred nganga <alfnganga () yahoo com>
Date: Wed, 4 May 2011 03:31:03 -0700 (PDT)

From: "nmap-dev-request () insecure org" <nmap-dev-request () insecure org>
To: nmap-dev () insecure org
Sent: Tue, May 3, 2011 10:00:01 PM
Subject: nmap-dev Digest, Vol 74, Issue 5

Today's Topics:

   1. Re: salt in version probes (David Fifield)
   2. New VA Modules: NSE: 1, OpenVAS: 2, Nessus: 12
      (New VA Module Alert Service)


Message: 1
Date: Tue, 3 May 2011 08:36:31 -0700
From: David Fifield <david () bamsoftware com>
Subject: Re: salt in version probes
To: Toni Ruottu <toni.ruottu () iki fi>
Cc: nmap-dev <nmap-dev () insecure org>
Message-ID: <20110503153631.GA21882 () debian bamsoftware com>
Content-Type: text/plain; charset=us-ascii

On Tue, May 03, 2011 at 05:38:54PM +0300, Toni Ruottu wrote:
> > These probes are probably fine, but I don't want to add them without any
> > matchlines. It's kind of a minimum barrier to entry to try a new probe
> > against a known server and add a match for it. (And ideally, try it
> > against two different servers, and get distinguishable responses.) I
> > notice that some of the stun-br responses contain the string
> > "Vovida\.org\x200\.96\", which looks like a nice server name and version
> > number for http://www.voip-info.org/wiki/view/Vovida.org+STUN+server. So
> > if you can test that, we'll add the probe.
>
> I think it is impossible to do a regexp that would match the fields
> accurately because they have length prefixes, and the regexp would
> need to take into account that the fields might be in different
> orders, and skip fields. On the other hand we may just have the regexp
> look for string "Vovida.org", but in theory this string might exist in
> some field with wrong type. I suppose we are okay with that?

We match fields with length prefixes all the time. For example, see the
AFP matches. Just use . or .. for the prefix and [\w._-]+ for the
version number part, and it usually works fine.

Yes, conceivably the fields might come in different orders, but if they
do, it means a different server or different version (at least a
different configuration), so it's fine to assume a static ordering in
each match line. Consider that the same ordering problem exists with our
thousands of HTTP match lines.

David Fifield
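
The trade-off discussed in Message 1, as an added example that is not part of the original thread or of Nmap: a bare string search, a static-order pattern using `..` for length prefixes and `[\w._-]+` for the version, and a strict attribute walk, run over constructed STUN-like responses. The byte layout, the `0x7F00` attribute type and all helper names are assumptions made for illustration; the patterns are Python regexes, not nmap-service-probes match lines.

```python
import re
import struct

SOFTWARE = 0x8022  # STUN SOFTWARE attribute type (RFC 5389); carries the server name

def attr(atype, value):
    """One attribute: 2-byte type, 2-byte length prefix, then the value."""
    return struct.pack("!HH", atype, len(value)) + value

def response(*attrs):
    """Constructed Binding Response: type 0x0101, body length, 16-byte transaction ID."""
    body = b"".join(attrs)
    return struct.pack("!HH", 0x0101, len(body)) + bytes(16) + body

# Bare string search: matches wherever the name appears.
LOOSE = re.compile(rb"Vovida\.org ([\w._-]+)")
# Static ordering: ".." stands in for each length prefix, [\w._-]+ captures the
# version. Assumes (for this sample) that an address attribute comes first.
STATIC = re.compile(rb"^\x01\x01.{18}"              # message type, length, transaction ID
                    rb"\x00\x01.." rb".{8}"         # address attribute, prefix, 8-byte value
                    rb"\x80\x22..Vovida\.org ([\w._-]+)", re.S)

def regex_version(pattern, data):
    m = pattern.search(data)
    return m.group(1).decode() if m else None

def tlv_version(data):
    """Strict walk of the attributes; only the SOFTWARE field is trusted."""
    pos = 20  # skip the fixed header
    while pos + 4 <= len(data):
        atype, alen = struct.unpack_from("!HH", data, pos)
        value = data[pos + 4 : pos + 4 + alen]
        if atype == SOFTWARE and value.startswith(b"Vovida.org "):
            return value[11:].rstrip(b"\x00").decode()
        pos += 4 + alen
    return None

# Constructed sample data: address 192.0.2.1, and the server string from the thread.
MAPPED = attr(0x0001, bytes([0, 1, 0x0D, 0x96, 192, 0, 2, 1]))
NAME = b"Vovida.org 0.96\x00"
SAMPLES = {
    "normal": response(MAPPED, attr(SOFTWARE, NAME)),
    "reordered": response(attr(SOFTWARE, NAME), MAPPED),
    "wrong_type": response(MAPPED, attr(0x7F00, NAME)),  # name in an unrelated field
}

if __name__ == "__main__":
    for label, data in SAMPLES.items():
        print(label, regex_version(LOOSE, data), regex_version(STATIC, data), tlv_version(data))
```

The static pattern rejects the wrong-type field that the bare search accepts, and it misses the reordered response, which under the reasoning above would be a different server or configuration with its own match line.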


Message: 2
Date: Tue,  3 May 2011 10:00:32 -0700 (PDT)
From: New VA Module Alert Service <postmaster () insecure org>
Subject: New VA Modules: NSE: 1, OpenVAS: 2, Nessus: 12
To: nmap-dev () insecure org
Message-ID: <20110503170032.0F702B298F () web insecure org>
Content-Type: text/plain; charset="utf-8"

This report describes any new scripts/modules/exploits added to Nmap,
OpenVAS, Metasploit, and Nessus since yesterday.

== Nmap Scripting Engine scripts (1) ==

r23066 broadcast-avahi-dos 
Attempts to discover hosts in the local network using the DNS Service
Discovery protocol and sends a NULL UDP packet to each host to test if
it is vulnerable to the Avahi NULL UDP packet denial of service

== OpenVAS plugins (2) ==

r10864 103158 gb_ldap_account_manager_detect.nasl

LDAP Account Manager Detection

r10864 103159 gb_ldap_account_manager_47674.nasl

LDAP Account Manager 'selfserviceSaveOk' Parameter Cross Site Scripting

== Nessus plugins (12) ==

53631 redhat-RHSA-2011-0479.nasl
RHSA-2011-0479: libvirt

53630 redhat-RHSA-2011-0477.nasl
RHSA-2011-0477: gstreamer-plugins

53629 mandriva_MDVSA-2011-082.nasl
MDVSA-2011:082: python-feedparser

53628 mandriva_MDVSA-2011-081.nasl
MDVSA-2011:081: kdenetwork4

53627 fedora_2011-6133.nasl
Fedora 15 2011-6133

53626 Slackware_SSA_2011-122-03.nasl
SSA-2011-122-03 seamonkey

53625 tivoli_directory_svr_6303.nasl
IBM Tivoli Directory Server Vulnerabilities

53624 hp_vse_6_3.nasl
HP Virtual Server Environment Privilege Escalation Vulnerability

53623 hp_vse_installed.nasl
HP Virtual Server Environment Detection

53622 hp_sitescope_xss.nasl
HP SiteScope XSS

53621 hp_sitescope_detect.nasl
SiteScope Detection

53620 symphony_token_sqli.nasl
Symphony CMS token Parameter SQL Injection


nmap-dev mailing list
nmap-dev () insecure org

End of nmap-dev Digest, Vol 74, Issue 5
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
