if the DB2 DAS service had discovery mode disabled. While the service
would be listening, the data would be in an unexpected format. This
caused the script to crash at line 412 when it tried to extract the
server profile from the DB2 response (db2response.info variable).
I will likely tweak the hard setting of the ports in the block that
follows after I perform more testing to verify that it behaves as
expected - Tom
------------------------------------------------------------------------
r22234 | david | 2011-02-11 14:33:33 -0800 (Fri, 11 Feb 2011) | 4 lines
Add an openssl guard around the require of tns in oracle-brute and
oracle-enum-users. The tns library makes a call to
openssl.rand_pseudo_bytes at its top level.
------------------------------------------------------------------------
r22232 | david | 2011-02-11 14:28:18 -0800 (Fri, 11 Feb 2011) | 4 lines
Put an openssl guard around the importing of ssh2 in
ssh2-enum-algos.nse. Otherwise it fails in --script-updatedb when
configured --without-openssl.
------------------------------------------------------------------------
r22230 | david | 2011-02-11 13:38:49 -0800 (Fri, 11 Feb 2011) | 3 lines
Allow whitespace at the end of the go_to_host pattern. On Windows,
there's a '\r' at the end of the string, so the pattern didn't match.
snmp-interfaces.host into the prerule and out of the action. Otherwise,
being default, this is the only script that runs during the prescan by
default.
This will no longer match against the generic "X-Powered-By: PHP" (rare?), but that never gave us a version number anyway, so you could consider that a bug too.
We don't currently check for variations such as "Zend Core/2.0.1 PHP/5.2.1", so that could be added in the future, but at least the http-headers script will reveal the X-Powered-By header anyway.
The wsdd library incorrectly assumed OpenSSL to always be available and the
ssh-hostkey used the undeclared SCRIPT_NAME in message when evaluating SSL
support. The bug was reported by Michael Pattrick on nmap-dev:
http://seclists.org/nmap-dev/2011/q1/312
[Patrik]
Tumblr post, this sounds more like a way for people to set up a private
server on a LAN among trusted users than a vulnerability. Also link the
Tumblr post in the description.
before) each group of tab.add, and there is no tab.nextrow before or
after tab.addrow. Also remove manual indenting that was accomplished by
padding the first column with spaces; this is done by
stdnse.format_output now.
sending the magic shell string but before sending a shell command.
Michael Meyer reported that the script would sometimes fail to report a
backdoor; I tracked this down to the sends happening in too-close
succession. The ProFTPD process could receive both sends
("HELP ACIDBITCHEZ\r\nid;\r\n"), read the first line, and execute the
shell, but then the shell would get no input because the "id;\r\n" had
already been read.
This causes a delay up to the timeout when there is a backdoor, but it
still returns right away when there is no backdoor.
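The race described in this commit, reproduced as an added example that is not part of the Nmap repository or of ftp-proftpd-backdoor.nse. It is written in Python rather than NSE Lua so it runs stand-alone: a hypothetical fake server stands in for a backdoored (or clean) ProFTPD, acting on the first line of whatever it reads and handing the socket to a "shell" when that line is the magic string, so any bytes that arrived in the same read are lost. The client side is run once with the old back-to-back sends and once with the fix (wait for a reply, up to a timeout, before sending the command). The banner, the "502" reply and the id output are constructed values, not real ProFTPD strings.

```python
import socket
import threading

# The magic string and command are the ones quoted in the commit message;
# the replies below are constructed for the simulation.
MAGIC = b"HELP ACIDBITCHEZ\r\n"
COMMAND = b"id;\r\n"
FAKE_ID_OUTPUT = b"uid=0(root) gid=0(root) groups=0(root)\n"   # constructed
FAKE_REJECT = b"502 Unknown command\r\n"                         # constructed
HOST = "127.0.0.1"
CLIENT_TIMEOUT = 1.0   # the receive timeout the commit message refers to


def fake_server(listener, backdoored):
    """Hypothetical stand-in for ProFTPD with or without the backdoor.

    The daemon reads whatever has arrived, acts on the FIRST line, and if that
    line is the magic string hands the socket to a shell.  Everything after the
    first line in that same read was consumed by the daemon and never reaches
    the shell; that is the bug the commit tracks down.
    """
    conn, _ = listener.accept()
    with conn:
        conn.sendall(b"220 fake ProFTPD ready\r\n")   # constructed banner
        buf = conn.recv(4096)
        first_line = buf.split(b"\r\n", 1)[0]
        if not (backdoored and first_line == MAGIC.rstrip()):
            conn.sendall(FAKE_REJECT)   # a clean daemon answers immediately
            return
        # Backdoor taken.  The remainder of 'buf' (e.g. "id;\r\n") is dropped
        # here; the "shell" below only sees data that arrives from now on.
        conn.settimeout(2 * CLIENT_TIMEOUT)
        try:
            while True:
                data = conn.recv(4096)
                if not data:
                    break
                if data.strip() == COMMAND.strip():
                    conn.sendall(FAKE_ID_OUTPUT)
        except socket.timeout:
            pass


def probe(port, wait_after_magic):
    """Client side.  wait_after_magic=False reproduces the script's old
    back-to-back sends; True reproduces the fix from the commit."""
    with socket.create_connection((HOST, port)) as s:
        s.settimeout(CLIENT_TIMEOUT)
        s.recv(1024)   # banner
        if not wait_after_magic:
            # Old behaviour: both sends land in a single read on the server.
            s.sendall(MAGIC + COMMAND)
        else:
            s.sendall(MAGIC)
            try:
                # A normal daemon replies to the bogus HELP right away, so a
                # clean host still returns without waiting out the timeout.
                return s.recv(1024)
            except socket.timeout:
                pass   # silence: a shell is now reading the socket
            s.sendall(COMMAND)
        try:
            return s.recv(1024)
        except socket.timeout:
            return b""   # no output: the symptom that was reported


def run_probe(backdoored, wait_after_magic):
    """Start one fake server on an ephemeral port, probe it, return the reply."""
    listener = socket.socket()
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind((HOST, 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    t = threading.Thread(target=fake_server, args=(listener, backdoored))
    t.start()
    try:
        return probe(port, wait_after_magic)
    finally:
        t.join()
        listener.close()


if __name__ == "__main__":
    print("backdoor, old sends:", run_probe(True, False))   # b""
    print("backdoor, fixed    :", run_probe(True, True))    # id output
    print("clean, fixed       :", run_probe(False, True))   # 502 reply
```

The first run shows the failure mode: the shell is started but sees nothing, so the probe times out empty. The second run pays the one-timeout delay the commit mentions and gets the command output; the third shows that a clean server is still answered immediately, because its reply arrives before the timeout expires.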