Nmap Development mailing list archives
RE: nmap-2.54b3+V-2.2 (now 2.21)
From: "Jay Freeman \(saurik\)" <saurik () saurik com>
Date: Mon, 28 Aug 2000 05:22:46 -0500
Actually, I haven't :). I got the one message from you. The biggest reason for that is likely that my name or my e-mail address isn't in nmap+V anywhere except a CHANGELOG entry having to do with makefiles for 2.54BETA1. To tell you the truth, I'm even worried about testing it, as I don't know what that exploit code of his does, and do not have a computer to temporarily install a test system to run nmap+V on.

I'm sitting here looking at it more carefully, and I think I see where the problem is. I think all versions are vulnerable :(. I was thinking about it wrong when I first looked at it, and assumed that it was causing problems when I receive data, which I handle through a reallocated buffer now (and don't remember what I did at 1.01), so that shouldn't be a problem. However, I didn't notice that my regmatch() was callously assuming it had all the memory in the world (well, at least as much as my reallocated buffer), when it only had a measly 1024 characters. I really feel silly now :).

Re-linked the symlinks, same URLs, nmap+V-2.21, has a counter to figure out how much memory it has left. While building the next version I am going to totally rewrite my regmatch() to be a little saner about how it handles these buffers. Also fixes a g++ compilation problem I caused right before building the patch.

I'll work on putting together the C++ patch separately from the nmap+V patch sometime in the next day or two (probably tomorrow when I am working on that Solaris machine I mentioned).

Sincerely,
Jay Freeman (saurik)
saurik () saurik com

-----Original Message-----
From: Fyodor [mailto:fyodor () insecure org]
Sent: Monday, August 28, 2000 4:23 AM
To: Jay Freeman (saurik)
Cc: Nmap-Dev; Max Vision
Subject: Re: nmap-2.54b3+V-2.2

On Mon, 28 Aug 2000, Jay Freeman (saurik) wrote:
nmap-2.54b3+V-2.2 compiles without warnings using g++. As Fyodor continues to break this, I am going to continue to fix it :-). There are lots of modifications to signed/unsigned declarations, triple checked all const modifiers, got rid of an annoying variable named "try", etc..
I would be happy to apply any patches for making Nmap C++-clean to the main tree. Just send them my way. Otherwise, I'll try to remember to vet out C++ problems before the next release.
This version, like the unannounced version 2.1, has support for pulling times off of NTP servers (as requested by the nmap-web guy). I also added a few more nmap-versions rules to this release, most notably Exchange POP and IMAP server detection.
Cool! If nobody on this list finds any showstopper issues in the next day or so, you might want to send an announcement to nmap-hackers . That list is 50X as large as nmap-dev . You might also want to let them know what versions are vulnerable to the alleged Nmap+V buffer overflow root hole at http://inferno.tusculum.edu/~typo/banfuq.c . Are all 2.X versions safe? I've been getting a lot of worried mail about this. I assume you have too.
this on any port other than the standard 8009 (which isn't in nmap-services,

OK, I just added it.

Cheers,
-Fyodor

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
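The bug Jay describes above (a matching routine writing into a fixed 1024-byte buffer as if it were as large as the reallocated receive buffer) and the 2.21 fix (a counter tracking how much room is left) are a common pattern worth seeing in code. The following is an added example, not nmap+V's own code and not the real regmatch(); every name in it is hypothetical, and the banners are constructed test inputs. It keeps a fixed output buffer paired with an explicit remaining-space counter, so copying data whose length is controlled by the remote end is bounded by the output buffer rather than by the input.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical fixed-size output buffer, in the spirit of the counter
 * the 2.21 fix describes.  Not nmap+V's code. */
#define OUT_BUF_SIZE 1024

struct out_buf {
    char data[OUT_BUF_SIZE];
    size_t used;      /* bytes written so far, excluding the terminating NUL */
};

static void out_buf_init(struct out_buf *b) {
    b->used = 0;
    b->data[0] = '\0';
}

/* Bytes still available for payload; one byte is always reserved for the NUL. */
static size_t out_buf_remaining(const struct out_buf *b) {
    return OUT_BUF_SIZE - 1 - b->used;
}

/* Append up to n bytes from src.  Returns the number of bytes actually
 * copied; when the request exceeds the remaining room the copy is
 * truncated and the result is shorter than n, which callers must check. */
static size_t out_buf_append(struct out_buf *b, const char *src, size_t n) {
    size_t room = out_buf_remaining(b);
    if (n > room) n = room;
    memcpy(b->data + b->used, src, n);
    b->used += n;
    b->data[b->used] = '\0';
    return n;
}

/* Crude stand-in for a version-extraction step: copy whatever follows the
 * first occurrence of `marker` in the received banner into the output
 * buffer.  The banner may be arbitrarily long (the receive side grows its
 * buffer), so the copy is bounded by the output buffer, never by the input.
 * Returns 1 if everything fit, 0 if the copy was truncated, -1 if the
 * marker was not found. */
static int extract_after_marker(struct out_buf *b, const char *banner,
                                size_t banner_len, const char *marker) {
    size_t mlen = strlen(marker);
    for (size_t i = 0; i + mlen <= banner_len; i++) {
        if (memcmp(banner + i, marker, mlen) == 0) {
            const char *start = banner + i + mlen;
            size_t want = banner_len - (i + mlen);
            size_t got = out_buf_append(b, start, want);
            return got == want ? 1 : 0;
        }
    }
    return -1;
}

/* Constructed sample: a short banner that fits.  Returns bytes stored. */
static size_t demo_small_banner(void) {
    struct out_buf b;
    const char banner[] = "220 mail.example.test ESMTP Exchange";
    out_buf_init(&b);
    if (extract_after_marker(&b, banner, sizeof banner - 1, "ESMTP ") != 1) return 0;
    return b.used;   /* 8, the length of "Exchange" */
}

/* Constructed sample: 4096 bytes after the marker, far more than the
 * output buffer holds.  Returns bytes stored, capped at OUT_BUF_SIZE - 1. */
static size_t demo_oversized_banner(void) {
    static char banner[6 + 4096];
    struct out_buf b;
    memcpy(banner, "ESMTP ", 6);
    memset(banner + 6, 'A', 4096);
    out_buf_init(&b);
    if (extract_after_marker(&b, banner, sizeof banner, "ESMTP ") != 0) return 0;
    return b.used;   /* 1023: truncated instead of overrun */
}

int main(void) {
    printf("small banner stored %zu bytes\n", demo_small_banner());
    printf("oversized banner stored %zu bytes (cap %d)\n",
           demo_oversized_banner(), OUT_BUF_SIZE - 1);
    return 0;
}
```

The point of the return value on out_buf_append() is that truncation is reported rather than silently absorbed: a caller that needs the whole match can treat a short count as a failed match, which is the conservative behaviour for a scanner parsing data from an untrusted service.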