Nmap Development mailing list archives
Re: Nmap 6.45 Informal Release
From: Patrik Karlsson <patrik () cqure net>
Date: Sun, 13 Apr 2014 08:24:22 -0400
Dan,

The issue Brendan was having disappeared when trying to read a smaller response than requested, I believe. That's why I initially went down the path of splitting the receiving functions and allowed for a len argument. I was having success with 0x0fe9 to a large extent as well in the request until the emails yesterday where it was pointed out that it didn't work against the CloudFlare challenge. I tried my initial commit and it did work up until the 0x4000 was replaced.

Personally, I'm less concerned about IDS detection than false negatives. We could make the default 0x4000 and allow changing it with an argument?

-Patrik

On Sun, Apr 13, 2014 at 7:55 AM, Daniel Miller <bonsaiviking () gmail com> wrote:
Patrik,

I saw that commit, but I was confused: Won't this reintroduce the problem Brendan was having with large heartbeat responses? I specifically chose 0x0fe9 as the smallest request that would reliably get a response from the openssl s_server tool, but I'm open to correction if you have evidence of better support for a different size.

I don't know if IDS detection would be a concern, but using 0x4000 makes us send the exact probe that everyone is matching against. Also of note, apparently changing the heartbeat payload size is a way for an attacker to select memory from a different area, since the OpenSSL allocator reuses chunks of memory by size.

Dan

On Sun, Apr 13, 2014 at 6:21 AM, Patrik Karlsson <patrik () cqure net> wrote:

Fyodor,

I think the change to the requested size that I committed as r32828 fixes an important bug and should probably make it into the release unless someone disagrees.

Thanks,
Patrik

On Sat, Apr 12, 2014 at 4:54 PM, Fyodor <fyodor () nmap org> wrote:

Hi Folks! Late last night we posted Nmap version 6.45 to the web site. It includes Patrik's excellent ssl-heartbleed script for detecting vulnerable SSL servers (http://nmap.org/nsedoc/scripts/ssl-heartbleed.html) and also Rob Nicholls' super quick update of our Windows OpenSSL binaries to help keep Nmap users safe from the same issue. We never shipped vulnerable OpenSSL libraries with our Linux or Mac packages, and our new 6.45 Windows packages are now linked to a secure version (1.0.1g).

This release also includes tons of other major improvements we made over the last 8 months since the 6.40 release. Some of the improvements can be found in the raw-format CHANGELOG (http://nmap.org/changelog.html) and I'm working on cleaned up release notes now. Please give it a try and let me know if you find any problems. If all seems well, I'll announce the release more prominently early next week.
Cheers,
Fyodor

_______________________________________________
Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

--
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
http://www.linkedin.com/in/nevdull77
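The IDS point Dan raises in this thread (a signature keyed to the exact 0x4000 probe misses every other request size) is easier to see with a record-level consistency check. The following is an added example, not code from the thread or from the ssl-heartbleed script; hb_record and SAMPLES are constructed test input. It flags any heartbeat record whose declared payload_length plus the mandatory padding cannot fit in the record body, regardless of which size value the request carries.

```python
import struct

TLS_HEARTBEAT = 24   # TLS record content type for heartbeat (RFC 6520)
MIN_PADDING = 16     # RFC 6520: padding_length MUST be at least 16
HB_HEADER = 3        # HeartbeatMessageType(1) + payload_length(2)


def check_heartbeat_record(record: bytes):
    """Inspect one TLS record carrying a heartbeat message.

    Returns (malformed, declared_payload_len, body_len). The record is
    malformed when header + declared payload + minimum padding exceeds
    the record body; the declared size is never compared to a fixed
    constant such as 0x4000. Raises ValueError for non-heartbeat records.
    """
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    content_type, _major, _minor, rec_len = struct.unpack("!BBBH", record[:5])
    if content_type != TLS_HEARTBEAT:
        raise ValueError("not a heartbeat record")
    body = record[5:5 + rec_len]
    if len(body) < HB_HEADER:
        return True, None, len(body)   # no room for even the header
    _hb_type, payload_len = struct.unpack("!BH", body[:HB_HEADER])
    malformed = HB_HEADER + payload_len + MIN_PADDING > len(body)
    return malformed, payload_len, len(body)


def scan_records(records):
    """Return [(index, declared_len)] for every malformed heartbeat record."""
    findings = []
    for i, rec in enumerate(records):
        try:
            malformed, declared, _ = check_heartbeat_record(rec)
        except ValueError:
            continue                   # handshake, application data, etc.
        if malformed:
            findings.append((i, declared))
    return findings


def hb_record(payload_len: int, payload: bytes, padding: bytes) -> bytes:
    """Build a constructed TLS 1.1 heartbeat request record for testing."""
    body = struct.pack("!BH", 1, payload_len) + payload + padding
    return b"\x18\x03\x02" + struct.pack("!H", len(body)) + body


# Constructed sample traffic (not captured data):
SAMPLES = [
    hb_record(4, b"ping", b"\x00" * 16),   # well-formed request
    hb_record(0x4000, b"", b""),           # declared 16 KiB, 3-byte body
    hb_record(0x0FE9, b"", b""),           # different size, same defect
    b"\x16\x03\x02\x00\x01\x01",           # handshake record, ignored
]
```

Run scan_records(SAMPLES) to see that both oversized declarations are flagged while the well-formed request and the non-heartbeat record are not.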