Send large groups of ciphers and eliminate chosen ones until the server
gives up. This results in far fewer exchanges than trying every cipher
individually.
Also fixed a bug introduced in r26521 where failing to send NULL
compressor results in a rejected handshake, and updated the list of
ciphers from 213 to 359.
http://seclists.org/nmap-dev/2012/q3/156
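The elimination strategy described in this entry, as an added example that is not ssl-enum-ciphers' own code: a constructed server model picks one suite per ClientHello, the client strikes the chosen suite from the group and offers the remainder again, and the handshake counter shows why this beats one probe per suite. The suite names and the server's preference list are constructed for the demo.

```python
"""Added example (not Nmap's ssl-enum-ciphers code): simulate the
'offer a group, strike the chosen cipher, repeat' enumeration strategy
and compare the handshake count against probing one cipher at a time.
The server model and cipher names below are constructed for the demo."""

from typing import Iterable, List, Optional

# Constructed client-side catalogue (the real script carries 359 suites).
CLIENT_CIPHERS = [f"TLS_SUITE_{i:03d}" for i in range(40)]

# Constructed server: it accepts a fixed subset and picks the first of its
# own preference list that the client offered (server preference order).
SERVER_PREFERENCE = ["TLS_SUITE_017", "TLS_SUITE_003", "TLS_SUITE_031",
                     "TLS_SUITE_008", "TLS_SUITE_025"]


class FakeServer:
    def __init__(self, preference: List[str]):
        self.preference = preference
        self.handshakes = 0  # number of ClientHello messages answered

    def hello(self, offered: Iterable[str]) -> Optional[str]:
        """Return the chosen suite, or None for a handshake_failure alert."""
        self.handshakes += 1
        offered = set(offered)
        for suite in self.preference:
            if suite in offered:
                return suite
        return None


def enumerate_by_elimination(server: FakeServer, ciphers: List[str],
                             group_size: int = 64) -> List[str]:
    """Offer ciphers in groups; after each accepted handshake remove the
    suite the server chose and offer the remainder again. A group is done
    when the server refuses the whole remainder. Within a group the suites
    come back in the server's preference order, which is useful on its own."""
    supported: List[str] = []
    for start in range(0, len(ciphers), group_size):
        remaining = list(ciphers[start:start + group_size])
        while remaining:
            chosen = server.hello(remaining)
            if chosen is None:
                break  # nothing left in this group is supported
            supported.append(chosen)
            remaining.remove(chosen)
    return supported


def enumerate_one_by_one(server: FakeServer, ciphers: List[str]) -> List[str]:
    """The naive approach: one handshake per candidate suite."""
    return [c for c in ciphers if server.hello([c]) is not None]


if __name__ == "__main__":
    fast, slow = FakeServer(SERVER_PREFERENCE), FakeServer(SERVER_PREFERENCE)
    print(enumerate_by_elimination(fast, CLIENT_CIPHERS), fast.handshakes)
    print(enumerate_one_by_one(slow, CLIENT_CIPHERS), slow.handshakes)
```

With 40 candidate suites and 5 supported, elimination costs 6 handshakes (5 accepted, 1 final refusal) against 40 for the naive loop; the cost scales with the number of supported suites plus one refusal per group, not with the size of the catalogue.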
2.2.22 as vulnerable.
The corresponding ChangeLog entry for Apache 2.2.22 says:
"""
Fix a regression introduced by the CVE-2011-3192 byterange fix in 2.2.20:
A range of '0-' will now return 206 instead of 200.
"""
https://issues.apache.org/bugzilla/show_bug.cgi?id=51878
Updated the type table to include the latest from
http://www.bind9.net/dns-parameters (18 June 2012). Fixed a bug in WKS
parser. Added parsers for NSAP, NSAP-PTR, PX, GPOS, ATMA, KX, A6, DNAME,
SINK (partial), SSHFP, and SPF.
New types: MD, MF, MB, MG, MR, WKS, HINFO, MINFO, RP, AFSDB, X25, ISDN,
RT, NAPTR. Several of these are obsolete/experimental. RP, AFSDB, and
NAPTR can be tested against zonetransfer.me. WKS (Well Known Services)
is very interesting, but little used, and not tested.
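RDATA parsers for a few of the record types named above, as an added example that is not nmap's dns.lua: WKS and HINFO follow RFC 1035, SSHFP follows RFC 4255 and SPF follows RFC 4408. Each parser takes only the raw RDATA field (the caller is assumed to have already split the resource record), and the sample records are constructed for the demo.

```python
"""Added example (not nmap's dns.lua): parsers for the RDATA of WKS, HINFO,
SSHFP and SPF records, written from RFC 1035, RFC 4255 and RFC 4408.
Input is the raw RDATA field only; sample records are constructed."""

from typing import Dict, List

# Type codes from the IANA dns-parameters registry.
TYPE_WKS, TYPE_HINFO, TYPE_SSHFP, TYPE_SPF = 11, 13, 44, 99


def _character_strings(rdata: bytes) -> List[str]:
    """Decode a run of <character-string>s: one length octet, then the bytes."""
    out, pos = [], 0
    while pos < len(rdata):
        n = rdata[pos]
        pos += 1
        if pos + n > len(rdata):
            raise ValueError("character-string runs past end of RDATA")
        out.append(rdata[pos:pos + n].decode("latin-1"))
        pos += n
    return out


def parse_sshfp(rdata: bytes) -> Dict[str, object]:
    """SSHFP: algorithm (1 octet), fingerprint type (1 octet), fingerprint."""
    if len(rdata) < 2:
        raise ValueError("SSHFP RDATA too short")
    return {"algorithm": rdata[0], "fptype": rdata[1],
            "fingerprint": rdata[2:].hex()}


def parse_wks(rdata: bytes) -> Dict[str, object]:
    """WKS: ADDRESS (4 octets), PROTOCOL (1 octet), BIT MAP.
    Bit N of the map, counting from the MSB of the first octet, is port N."""
    if len(rdata) < 5:
        raise ValueError("WKS RDATA too short")
    addr = ".".join(str(b) for b in rdata[:4])
    ports = [i * 8 + bit for i, octet in enumerate(rdata[5:])
             for bit in range(8) if octet & (0x80 >> bit)]
    return {"address": addr, "protocol": rdata[4], "ports": ports}


def parse_hinfo(rdata: bytes) -> Dict[str, str]:
    """HINFO: exactly two character-strings, CPU and OS."""
    fields = _character_strings(rdata)
    if len(fields) != 2:
        raise ValueError("HINFO needs exactly CPU and OS strings")
    return {"cpu": fields[0], "os": fields[1]}


def parse_spf(rdata: bytes) -> Dict[str, str]:
    """SPF: TXT-like; the character-strings concatenate into one record."""
    return {"spf": "".join(_character_strings(rdata))}


PARSERS = {TYPE_WKS: parse_wks, TYPE_HINFO: parse_hinfo,
           TYPE_SSHFP: parse_sshfp, TYPE_SPF: parse_spf}


def parse_rdata(rtype: int, rdata: bytes) -> Dict[str, object]:
    """Dispatch on the type code; unknown types stay visible as hex."""
    parser = PARSERS.get(rtype)
    return parser(rdata) if parser else {"unparsed": rdata.hex()}


# Constructed sample RDATA.
SAMPLES = {
    # SSHFP: algorithm 1 (RSA), fptype 1 (SHA-1), 20-byte fingerprint
    "sshfp": bytes([1, 1]) + bytes(range(20)),
    # WKS: 192.0.2.1, protocol 6 (TCP), ports 22 and 25 set in the bitmap
    "wks": bytes([192, 0, 2, 1, 6]) + bytes([0x00, 0x00, 0x02, 0x40]),
    "hinfo": b"\x05INTEL\x05LINUX",
    "spf": b"\x0bv=spf1 mx -\x03all",
}

if __name__ == "__main__":
    for name, rtype in (("sshfp", TYPE_SSHFP), ("wks", TYPE_WKS),
                        ("hinfo", TYPE_HINFO), ("spf", TYPE_SPF)):
        print(name, parse_rdata(rtype, SAMPLES[name]))
```

The WKS bit order is the part worth checking against a real zone: port 22 lands in the third bitmap octet at mask 0x02, not at 0x40, because the map counts from the most significant bit of the first octet.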
Some scripts that had been previously modified were updated so that the debug output was consistent.
A few scripts were calling identify_404 with host.ip as opposed to the proper host object. This has been adjusted as well.
./scripts/http-vhosts.nse:502: attempt to concatenate local 'domain' (a
nil value)
stack traceback:
./scripts/http-vhosts.nse:502: in function 'makeTargetName'
./scripts/http-vhosts.nse:542: in function
<./scripts/http-vhosts.nse:532>
(...tail calls...)
http-backup-finder.nse:107: attempt to index field 'path' (a nil value)
stack traceback:
Addressed this by setting nil .path values to '/'. Tested with sites with and without backup files. Verified that duplicate results were not returned.
Implemented a check to see if the target is returning 200 to all requests.
Also implemented additional logic on line 84 to verify that the Server header value is not nil. This is just in case we run into another case where a response is 200 but the Server header does not exist.
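The three robustness fixes described in the entries above (a nil path defaulting to '/', bailing out when a site answers 200 to everything, and tolerating a missing Server header), as an added example that is not the nmap http library's code. `identify_404` here is a stand-in for the library function of that name and its heuristic is an assumption; the fake sites it runs against are constructed so the block runs offline.

```python
"""Added example (not nmap's http library): nil-path default, a
200-to-everything check, and a missing-Server-header check, run against
constructed fake sites. identify_404 is a stand-in with assumed logic."""

import random
import string
from typing import Callable, Dict, List, Optional

Response = Dict[str, object]          # {"status": int, "header": {...}}
Fetcher = Callable[[str], Response]   # path -> response


def normalize_path(path: Optional[str]) -> str:
    """A missing path (nil in Lua) is treated as the site root."""
    return path if path else "/"


def identify_404(fetch: Fetcher) -> Optional[int]:
    """Probe a random, almost certainly nonexistent file and report the
    status the server uses for 'not found'. Returns None when the server
    answers 200 to everything: a 200 for a guessed name then proves nothing
    and the caller should stop rather than report every candidate."""
    junk = "".join(random.choices(string.ascii_lowercase, k=16))
    probe = fetch("/" + junk + ".bak")
    return None if probe["status"] == 200 else probe["status"]


def server_banner(resp: Response) -> str:
    """Header names are case-insensitive and the header may be absent."""
    headers = {k.lower(): v for k, v in resp.get("header", {}).items()}
    return headers.get("server") or "<no Server header>"


def find_backups(fetch: Fetcher, path: Optional[str]) -> List[str]:
    """Report candidate backup copies of path that answer 200, without
    duplicates and only when a 200 is actually meaningful on this site."""
    path = normalize_path(path)
    if identify_404(fetch) is None:
        return []                      # 200-to-everything: nothing to learn
    found: Dict[str, None] = {}        # insertion-ordered de-dup
    for candidate in (path + ".bak", path + "~", path + ".old", path + ".bak"):
        resp = fetch(candidate)
        if resp["status"] == 200:
            found[candidate] = None
    return list(found)


def make_site(files: Dict[str, int], default: int = 404,
              server: Optional[str] = "Apache") -> Fetcher:
    """Constructed fake site: known paths map to a status, others to default."""
    def fetch(path: str) -> Response:
        header = {"Server": server} if server else {}
        return {"status": files.get(path, default), "header": header}
    return fetch


NORMAL_SITE = make_site({"/index.php": 200, "/index.php.bak": 200})
CATCH_ALL_SITE = make_site({}, default=200, server=None)

if __name__ == "__main__":
    print(find_backups(NORMAL_SITE, "/index.php"), server_banner(NORMAL_SITE("/")))
    print(find_backups(CATCH_ALL_SITE, None), server_banner(CATCH_ALL_SITE("/")))
```

The candidate list deliberately repeats ".bak" to show the de-duplication the entry mentions; on the catch-all site the scan returns nothing instead of three false positives, and the banner lookup never indexes a missing header.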
http://seclists.org/nmap-dev/2012/q2/54
This patch is from Daniel Miller. He writes:
I've just finished enhancing the nfs-ls, nfs-statfs, and nfs-showmount
scripts so that they can run based on version detection information,
for cases where the portmapper is firewalled. For nfs-ls and
nfs-statfs, this required making a hostrule to check that both a
mountd service and an nfs service were detected. In the process, I
ended up adding the AUTH_UNIX flavor to rpc.lua, since the RFC states
that AUTH_NULL can only be used for the NULL procedure (and my Linux
nfs-kernel-server was enforcing that).
Other minor changes:
* If running privileged, attempt to bind to a reserved port. Many NFS
servers refuse to talk to source ports >1024, as a "security measure".
* handle an odd case in nfs-ls where READDIRPLUS does not return file
attributes. Chose to use all ?'s, but in the future maybe a direct
GETATTR call?
* remove reference to nfs.dirlist argument from nfs-ls doc, since it is unused
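The two protocol details in this message, the AUTH_UNIX credential flavor and the "both mountd and nfs detected" hostrule, as an added example that is not nmap's rpc.lua or the scripts' own code. The XDR layout follows RFC 5531 section 9.2 (AUTH_UNIX: stamp, machine name, uid, gid, up to 16 gids) and `opaque_auth` carries the 400-byte body limit from the same RFC; the service table the hostrule reads is constructed, where the real scripts consult nmap's version-detection results.

```python
"""Added example (not nmap's rpc.lua): encode the AUTH_NULL and AUTH_UNIX
opaque_auth structures of RFC 5531 in XDR, and the host check that both
mountd and nfs were detected. The port table below is constructed."""

import struct
from typing import Dict, List

AUTH_NULL, AUTH_UNIX = 0, 1


def xdr_uint(v: int) -> bytes:
    """XDR unsigned int: 4 bytes, big-endian."""
    return struct.pack(">I", v)


def xdr_opaque(s: bytes) -> bytes:
    """XDR variable-length opaque/string: 4-byte length, data, zero pad to 4."""
    return xdr_uint(len(s)) + s + b"\x00" * ((-len(s)) % 4)


def auth_unix_body(stamp: int, machine: bytes, uid: int, gid: int,
                   gids: List[int]) -> bytes:
    """authsys_parms { stamp; machinename<255>; uid; gid; gids<16>; }"""
    if len(machine) > 255:
        raise ValueError("machinename longer than 255 bytes")
    if len(gids) > 16:
        raise ValueError("AUTH_UNIX allows at most 16 supplementary gids")
    body = xdr_uint(stamp) + xdr_opaque(machine) + xdr_uint(uid) + xdr_uint(gid)
    return body + xdr_uint(len(gids)) + b"".join(xdr_uint(g) for g in gids)


def opaque_auth(flavor: int, body: bytes = b"") -> bytes:
    """opaque_auth { auth_flavor flavor; opaque body<400>; }"""
    if len(body) > 400:
        raise ValueError("auth body exceeds 400 bytes")
    return xdr_uint(flavor) + xdr_opaque(body)


def call_credentials(stamp: int, machine: bytes, uid: int, gid: int,
                     gids: List[int]) -> bytes:
    """What follows the procedure number in a CALL: an AUTH_UNIX credential
    and an AUTH_NULL verifier, the pairing an NFS client sends for every
    procedure other than NULL (where AUTH_NULL for both is enough)."""
    cred = opaque_auth(AUTH_UNIX, auth_unix_body(stamp, machine, uid, gid, gids))
    return cred + opaque_auth(AUTH_NULL)


def nfs_hostrule(ports: List[Dict[str, str]]) -> bool:
    """True only when version detection found both mountd and nfs open,
    so the scripts can run without ever reaching the portmapper."""
    names = {p["name"] for p in ports if p.get("state") == "open"}
    return {"mountd", "nfs"} <= names


# Constructed version-detection results for two hosts.
HOST_WITH_BOTH = [{"name": "mountd", "state": "open"},
                  {"name": "nfs", "state": "open"}]
HOST_NFS_ONLY = [{"name": "nfs", "state": "open"},
                 {"name": "mountd", "state": "filtered"}]

if __name__ == "__main__":
    print(call_credentials(0, b"nmap", 0, 0, []).hex())
    print(nfs_hostrule(HOST_WITH_BOTH), nfs_hostrule(HOST_NFS_ONLY))
```

The AUTH_NULL verifier encodes as eight zero bytes (flavor 0, length 0); with an empty gids list and the four-byte machine name "nmap" the whole credential-plus-verifier block is 40 bytes, which is a quick sanity check against a packet capture.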