Holst Swende. mongodb-info gets information like the version number,
memory use, and operating system. mongodb-databases lists the
databases and their size on disk.
o [Ncat] Added support for HTTP Digest authentication of proxies, as
both client and server. Previously only the less secure Basic was
supported. [Venkat, David]
in order to keep the script from running against the actual database instances.
Also modified the debugging output so that the bulk of the information is
generated at -d 4 or higher.
ncat_proxy.c: In function `ncat_http_server':
ncat_proxy.c:163: warning: dereferencing type-punned pointer will break strict-aliasing rules
nmap_dns.cc: In function `void parse_resolvdotconf()':
nmap_dns.cc:951: warning: unsigned int format, different type arg (arg 4)
traceroute.cc: In member function `void TracerouteState::read_replies(long int)':
traceroute.cc:1031: warning: 'header_len' might be used uninitialized in this function
on TCP or UDP port 523 and exports the server profile. No authentication is required for
this request. The script will also set the port product and version if a version scan is
requested. [Patrik Karlsson, Tom Sellers]
o [NSE] Restored the ability of http.head to return a body if the
server returns one. This was lost in the http.lua overhaul from
5.20. [David]
o [NSE] Fixed the use of our strict.lua library on distributions that
install their own strict.lua. The error message was
nse_main.lua:97: attempt to call a boolean value
It was reported by Onur K. [Patrick]
o [NSE] Corrected a behavior change in http.request that was
accidentally made in 5.20: it could return nil instead of a table
indicating failure. [David]
o [NSE] Fixed the use of an undefined variable in smb-enum-sessions,
reported by Brandon. [Ron]
o Fixed a compiler error when --without-liblua is used. [Brandon]
o [NSE] Did some simple bit-flipping on the nmap_service.exe program
used by the smb-psexec script, to avoid its being falsely detected
as malware. [Ron]
o [NSE] Fixed an error with running http-enum.nse along with the
--datadir option. The script would report the error
http-enum.nse:198: bad argument #1 to 'lines'
(nselib/data/http-fingerprints: No such file or directory)
The error was reported by Ron Meldau and Brandon. [Kris]
acommonate IPv6 addresses) and make the sscanf format size match the
buffer size (to avoid smashing the stack). The format string is
constructed dynamically to the size of the buffer with Snprintf. Gunnar
Lindberg reported this problem; discussion starts at
http://seclists.org/nmap-dev/2010/q1/250.
port is unknown, instead of -1. This makes it a better fit with the
other accessor functions. For those callers that need to know whether a
port is in the default state or not, add PortList::portIsDefault.
Having getPortState return -1 for ports in the default state would cause
the slightly wrong
Discovered unknown port 88/udp on 192.168.0.190 is actually open
to be printed instead of
Discovered open|filtered port 88/udp on 192.168.0.190 is actually open
already open. Rob Nicholls pointed out that setting the state
unconditionally results in multiple messages per port:
Discovered open port 3389/tcp
Discovered open port 3389/tcp
Discovered open port 3389/tcp
Discovered open port 3389/tcp
This is because setPortState has the side effect of printing a message.
of new fingerprints from Matt Selsky. Also add a match line for MIT
Kerberos 1.2 from Matt.
The susec field of the response may be represented as an encoded string
of 3, 2, or (rarely) 1 bytes. I adjusted the Kerberos matches to be
specific about how other fields may change when this one does.
Adding documentation for the various new parallelism features
NSE has recently added including mutexes, condition variables,
child coroutine support, and new threads.
scan response, instead of checking for a current state of
PORT_OPENFILTERED. The code calls getPortState, but the port may not
have been assigned a state, again because of the new Port allocation
architecture, so the function returns -1.
It would make sense to have getPortState return the default port state
if a Port has not been allocated, but there are two other places it is
used where the code relies on it returning -1 to indicate that a port
has not received a state yet.
I copied parse_url_relative from favicon-survey.nse. Ron Meldau reported
that this error is raised:
http-favicon.nse:141: variable 'dirname' is not declared
It happens when a web page specifies a relative icon URL in a link
element. (dirname is used to absolutize the URL.)
Also, I changed to code to be sure to pass a plain string and number for
the host and port to parse_url_relative. Otherwise parse_url_relative
may return the tables that it receives and complicate the matching code
to decide if a URL should be followed.
o Fixed an error that occurred when UDP scan was combined with version
scan. UDP ports would appear in the state "unknown" at the end of
the scan, and in some cases an assertion failure would be raised.
This was an unintended side effect of the memory use reduction
changes in 5.20. The bug was reported by Jon Kibler. [David]
called. Formerly the only way to create a port was to call
PortList::addPort, which also set the state. Now ports are allocated on
demand whenever anything about a port is set. If we don't set the state
and reason, they're "unknown" and "unknown-reason". Because of the
special handling of PORT_UNKNOWN in the output table, this could lead to
an assertion failure reported by Jon Kibler.
there is one. Even though section 4.4 of RFC 2616 says that sending a
body in response to a HEAD request is a MUST NOT, pyllyukko sent me a
sample from a server that does--"LuCI - Lua Configuration Interface".
custom libraries that must be used instead. (So, try to load our libaries
first, then look through system paths.) This bug is very rare since these
optional libraries are very rarely installed in most distributions.
Bug found by Onur K. [1].
[1] http://seclists.org/nmap-dev/2010/q1/197
initial request to get a value stored in the Keep-Alive header, which is
the size of the pipeline. It then iterates, doignt hat many requests at
once until the list of requests is exhausted. The prbolem was that in
the first round, it didn't count its initial Keep-Alive probe. So if the
server said it was good for 40 requests, we would send 41 before closing
the connection. Even worse was when the initial probe returned a
"Connection: close"; the pipeline would try another request before
closing the connection for the first time.
failure. It happened when there was an error getting the a response
at the beginning of a batch in http.pipeline. The symptoms of the
bug were:
NSE: Received only 0 of 1 expected reponses.
Decreasing max pipelined requests to 0.
NSOCK (0.1870s) Write request for 0 bytes...
nmap: nsock_core.c:516: handle_write_result: Assertion `bytesleft > 0' failed.
The error was reported by Brandon Enright and pyllyukko.
