packages/nmap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:d2f7ed4da736c4ee5311d6043cee4c807a659a9a
Branches Tags
packages:main
...
compare: packages:794b106ebaf9ab0fbcb5e814b7ee114e03837fa5
Branches Tags
packages:main

10 Commits
d2f7ed4da7 ... 794b106eba

Author SHA1 Message Date
openeuler-ci-bot
794b106eba
!74 [sync] PR-72: backport lua upstream patch to fix CVE-2022-28805 
From: @openeuler-sync-bot 
Reviewed-by: @jiangheng12 
Signed-off-by: @jiangheng12
 2025-01-16 06:48:04 +00:00
xingwei
bfea188fea backport lua upstream patch to fix CVE-2022-28805 
(cherry picked from commit 61dc4d0f9c9bc41a0f614a7fe92ddba8bdefd45e)
 2025-01-16 10:09:08 +08:00
openeuler-ci-bot
053725c156
!69 [sync] PR-64: fix license 
From: @openeuler-sync-bot 
Reviewed-by: @jiangheng12 
Signed-off-by: @jiangheng12
 2024-06-18 12:07:19 +00:00
xh
3da874cf0b fix license 
(cherry picked from commit 93198dc6e31cbe6efaf747a9b7e05effdbf83d18)
 2024-06-17 09:56:34 +08:00
openeuler-ci-bot
38a45f4cbe
!58 remove password printing 
From: @XWwalker 
Reviewed-by: @gebidelidaye 
Signed-off-by: @gebidelidaye
 2024-01-16 11:22:12 +00:00
xingwei
5f19db4cc3 remove password printing 2024-01-16 07:40:58 +00:00
openeuler-ci-bot
23bc335847
!48 enable DT check 
From: @XWwalker 
Reviewed-by: @gebidelidaye 
Signed-off-by: @gebidelidaye
 2023-09-15 09:05:46 +00:00
xingwei
a8756addf0 enable DT check 2023-09-15 15:07:15 +08:00
openeuler-ci-bot
837f9db3d0
!44 Ncat server UDP: do not quit after EOF on STDIN 
From: @XWwalker 
Reviewed-by: @gebidelidaye 
Signed-off-by: @gebidelidaye
 2023-09-13 10:04:07 +00:00
xingwei
aba2ef8d21 Ncat server UDP: do not quit after EOF on STDIN 2023-09-12 07:43:35 +00:00
4 changed files with 295 additions and 2 deletions
Show Stats Expand all files Collapse all files

26
backport-Bug-Lua-can-generate-wrong-code-when-_ENV-is-const.patch Normal file
View File

@ -0,0 +1,26 @@
From 1f3c6f4534c6411313361697d98d1145a1f030fa Mon Sep 17 00:00:00 2001
From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
Date: Tue, 15 Feb 2022 12:28:46 -0300
Subject: [PATCH] Bug: Lua can generate wrong code when _ENV is <const>
Conflict: remove testes/attrib.lua and adapt lparser.c file directory
Reference: https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa
---
liblua/lparser.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/liblua/lparser.c b/liblua/lparser.c
index 3abe3d7..a5cd552 100644
--- a/liblua/lparser.c
+++ b/liblua/lparser.c
@@ -468,6 +468,7 @@ static void singlevar (LexState *ls, expdesc *var) {
expdesc key;
singlevaraux(fs, ls->envn, var, 1); /* get environment variable */
lua_assert(var->k != VVOID); /* this one must exist */
+ luaK_exp2anyregup(fs, var); /* but could be a constant */
codestring(&key, varname); /* key is variable name */
luaK_indexed(fs, var, &key); /* env[varname] */
}
--
2.43.0

31
backport-Ncat-server-UDP-do-not-quit-after-EOF-on-STDIN.-Fixe.patch Normal file
View File

@ -0,0 +1,31 @@
From d4e769197afccf425ec16dae5faeece72e8a5130 Mon Sep 17 00:00:00 2001
From: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Thu, 27 Jul 2023 17:31:48 +0000
Subject: [PATCH] Ncat server UDP: do not quit after EOF on STDIN. Fixes #2685
Conflict: NA
Reference: https://github.com/nmap/nmap/commit/d4e769197afccf425ec16dae5faeece72e8a5130
diff --git a/ncat/ncat_listen.c b/ncat/ncat_listen.c
index 3cecb64f8..c307c68c4 100644
--- a/ncat/ncat_listen.c
+++ b/ncat/ncat_listen.c
@@ -376,13 +376,13 @@ restart_fd_loop:
} else {
/* Read from stdin and write to all clients. */
rc = read_stdin();
- if (rc == 0) {
+ if (rc == 0 && type == SOCK_STREAM) {
if (o.proto != IPPROTO_TCP || (o.proto == IPPROTO_TCP && o.sendonly)) {
/* There will be nothing more to send. If we're not
receiving anything, we can quit here. */
return 0;
}
- if (!o.noshutdown && type == SOCK_STREAM) shutdown_sockets(SHUT_WR);
+ if (!o.noshutdown) shutdown_sockets(SHUT_WR);
}
if (rc < 0)
return 1;
--
2.33.0

40
nmap.spec
View File

@ -3,8 +3,8 @@
Name: nmap
Epoch: 2
Version: 7.94
Release: 2
License: Nmap
Release: 7
License: GPL-2.0-or-later
Summary: A tool for network discovery and security auditing.
Requires: %{name}-ncat = %{epoch}:%{version}-%{release}
URL: https://nmap.org/
@ -22,6 +22,9 @@ Patch0003: nmap-replace-sensitive-words.patch
Patch0004: backport-upgrade-libpcre-to-PCRE2-10.42.patch
Patch0005: backport-remove-nse_pcrelib-from-build.patch
Patch0006: backport-nping-fix-out-of-bounds-access.patch
Patch0007: backport-Ncat-server-UDP-do-not-quit-after-EOF-on-STDIN.-Fixe.patch
Patch0008: remove-password-printing.patch
Patch0009: backport-Bug-Lua-can-generate-wrong-code-when-_ENV-is-const.patch
%define pixmap_srcdir zenmap/share/pixmaps
@ -44,6 +47,9 @@ export CXXFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
sed -i 's/-md/-mf/' nping/docs/nping.1
%check
make check
%install
make DESTDIR=%{buildroot} STRIP=true install
@ -69,6 +75,36 @@ ln -s ncat %{buildroot}%{_bindir}/nc
%{_mandir}/man1/*.1.gz
%changelog
* Wed Jan 15 2025 xingwei <xingwei14@h-partners.com> - 2:7.94-7
- Type:CVE
- CVE:CVE-2022-28805
- SUG:NA
- DESC:backport lua upstream patch to fix CVE-2022-28805
* Fri Jun 14 2024 xinghe <xinghe2@h-partners.com> - 2:7.94-6
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:fix license
* Tue Jan 16 2024 xingwei <xingwei14@h-partners.com> - 2:7.94-5
- Type:bugfix
- CVE:
- SUG:NA
- DESC:remove password printing
* Fri Sep 15 2023 xingwei <xingwei14@h-partners.com> - 2:7.94-4
- Type:bugfix
- CVE:
- SUG:NA
- DESC:enable dt check
* Tue Sep 12 2023 xingwei <xingwei14@h-partners.com> - 2:7.94-3
- Type:bugfix
- CVE:
- SUG:NA
- DESC:Ncat server UDP: do not quit after EOF on STDIN
* Wed Aug 23 2023 xingwei <xingwei14@h-partners.com> - 2:7.94-2
- Type:bugfix
- CVE:

200
remove-password-printing.patch Normal file
View File

@ -0,0 +1,200 @@
From fe806cf15853ecdf6fed2af57f21cf55e3b388b8 Mon Sep 17 00:00:00 2001
From: gaoxingwang <gaoxingwang1@huawei.com>
Date: Tue, 31 Jan 2023 16:47:32 +0800
Subject: [PATCH] remove password printing
---
scripts/broadcast-ospf2-discover.nse | 2 +-
scripts/cassandra-brute.nse | 14 +++++++-------
scripts/cics-user-brute.nse | 2 +-
scripts/ldap-brute.nse | 12 ++++++------
scripts/nje-pass-brute.nse | 2 +-
scripts/oracle-brute.nse | 2 +-
scripts/tso-brute.nse | 4 ++--
7 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/scripts/broadcast-ospf2-discover.nse b/scripts/broadcast-ospf2-discover.nse
index ad3fca0..b33c366 100644
--- a/scripts/broadcast-ospf2-discover.nse
+++ b/scripts/broadcast-ospf2-discover.nse
@@ -124,7 +124,7 @@ local ospfDumpHello = function(hello)
stdnse.print_debug(2, "| Checksum: %s", hello.header.chksum)
stdnse.print_debug(2, "| Auth Type: %s", hello.header.auth_type)
if hello.header.auth_type == 0x01 then
- stdnse.print_debug(2, "| Auth Password: %s", hello.header.auth_data.password)
+ -- stdnse.print_debug(2, "| Auth Password: %s", hello.header.auth_data.password)
elseif hello.header.auth_type == 0x02 then
stdnse.print_debug(2, "| Auth Crypt Key ID: %s", hello.header.auth_data.keyid)
stdnse.print_debug(2, "| Auth Data Length: %s", hello.header.auth_data.length)
diff --git a/scripts/cassandra-brute.nse b/scripts/cassandra-brute.nse
index 8363c65..c2dd124 100644
--- a/scripts/cassandra-brute.nse
+++ b/scripts/cassandra-brute.nse
@@ -54,21 +54,21 @@ Driver = {
local status, err = self.socket:send(string.pack(">I4", #loginstr))
local combo = username..":"..password
if ( not(status) ) then
- local err = brute.Error:new( "couldn't send length:"..combo )
+ local err = brute.Error:new( "couldn't send length:" )
err:setAbort( true )
return false, err
end
status, err = self.socket:send(loginstr)
if ( not(status) ) then
- local err = brute.Error:new( "couldn't send login packet: "..combo )
+ local err = brute.Error:new( "couldn't send login packet: " )
err:setAbort( true )
return false, err
end
local status, response = self.socket:receive_bytes(22)
if ( not(status) ) then
- local err = brute.Error:new( "couldn't receive login reply size: "..combo )
+ local err = brute.Error:new( "couldn't receive login reply size: " )
err:setAbort( true )
return false, err
end
@@ -78,16 +78,16 @@ Driver = {
magic = string.sub(response,18,22)
if (magic == cassandra.LOGINSUCC) then
- stdnse.debug3("Account SUCCESS: "..combo)
+ stdnse.debug3("Account SUCCESS: ")
return true, creds.Account:new(username, password, creds.State.VALID)
elseif (magic == cassandra.LOGINFAIL) then
- stdnse.debug3("Account FAIL: "..combo)
+ stdnse.debug3("Account FAIL: ")
return false, brute.Error:new( "Incorrect password" )
elseif (magic == cassandra.LOGINACC) then
- stdnse.debug3("Account VALID, but wrong password: "..combo)
+ stdnse.debug3("Account VALID, but wrong password: ")
return false, brute.Error:new( "Good user, bad password" )
else
- stdnse.debug3("Unrecognized packet for "..combo)
+ stdnse.debug3("Unrecognized packet for ")
stdnse.debug3("packet hex: %s", stdnse.tohex(response) )
stdnse.debug3("size packet hex: %s", stdnse.tohex(size) )
stdnse.debug3("magic packet hex: %s", stdnse.tohex(magic) )
diff --git a/scripts/cics-user-brute.nse b/scripts/cics-user-brute.nse
index 768813e..559d752 100644
--- a/scripts/cics-user-brute.nse
+++ b/scripts/cics-user-brute.nse
@@ -176,7 +176,7 @@ Driver = {
self.tn3270:find('TSS7000I') or
self.tn3270:find('TSS7110E Password Has Expired. New Password Missing') or
self.tn3270:find('TSS7001I') then
- stdnse.verbose("Valid CICS UserID / Password: " .. user .. "/" .. pass)
+ -- stdnse.verbose("Valid CICS UserID / Password: " .. user .. "/" .. pass)
return true, creds.Account:new(user, pass, creds.State.VALID)
else
-- ok whoa, something happened, print the screen but don't store as valid
diff --git a/scripts/ldap-brute.nse b/scripts/ldap-brute.nse
index b239525..085e3a0 100644
--- a/scripts/ldap-brute.nse
+++ b/scripts/ldap-brute.nse
@@ -233,7 +233,7 @@ action = function( host, port )
-- Login correct, account disabled
if not status and response:match("AcceptSecurityContext error, data 533,") then
table.insert( valid_accounts, string.format("%s:%s => Valid credentials, account disabled", fq_username, password:len()>0 and password or "<empty>" ) )
- stdnse.verbose2("%s:%s => Valid credentials, account disabled", fq_username, password:len()>0 and password or "<empty>" )
+ -- stdnse.verbose2("%s:%s => Valid credentials, account disabled", fq_username, password:len()>0 and password or "<empty>" )
credTable:add(fq_username,password, creds.State.DISABLED_VALID)
break
end
@@ -241,7 +241,7 @@ action = function( host, port )
-- Login correct, user must change password
if not status and response:match("AcceptSecurityContext error, data 773,") then
table.insert( valid_accounts, string.format("%s:%s => Valid credentials, password must be changed at next logon", fq_username, password:len()>0 and password or "<empty>" ) )
- stdnse.verbose2("%s:%s => Valid credentials, password must be changed at next logon", fq_username, password:len()>0 and password or "<empty>")
+ -- stdnse.verbose2("%s:%s => Valid credentials, password must be changed at next logon", fq_username, password:len()>0 and password or "<empty>")
credTable:add(fq_username,password, creds.State.CHANGEPW)
break
end
@@ -249,7 +249,7 @@ action = function( host, port )
-- Login correct, user account expired
if not status and response:match("AcceptSecurityContext error, data 701,") then
table.insert( valid_accounts, string.format("%s:%s => Valid credentials, account expired", fq_username, password:len()>0 and password or "<empty>" ) )
- stdnse.verbose2("%s:%s => Valid credentials, account expired", fq_username, password:len()>0 and password or "<empty>")
+ -- stdnse.verbose2("%s:%s => Valid credentials, account expired", fq_username, password:len()>0 and password or "<empty>")
credTable:add(fq_username,password, creds.State.EXPIRED)
break
end
@@ -257,7 +257,7 @@ action = function( host, port )
-- Login correct, user account logon time restricted
if not status and response:match("AcceptSecurityContext error, data 530,") then
table.insert( valid_accounts, string.format("%s:%s => Valid credentials, account cannot log in at current time", fq_username, password:len()>0 and password or "<empty>" ) )
- stdnse.verbose2("%s:%s => Valid credentials, account cannot log in at current time", fq_username, password:len()>0 and password or "<empty>")
+ -- stdnse.verbose2("%s:%s => Valid credentials, account cannot log in at current time", fq_username, password:len()>0 and password or "<empty>")
credTable:add(fq_username,password, creds.State.TIME_RESTRICTED)
break
end
@@ -265,7 +265,7 @@ action = function( host, port )
-- Login correct, user account can only log in from certain workstations
if not status and response:match("AcceptSecurityContext error, data 531,") then
table.insert( valid_accounts, string.format("%s:%s => Valid credentials, account cannot log in from current host", fq_username, password:len()>0 and password or "<empty>" ) )
- stdnse.verbose2("%s:%s => Valid credentials, account cannot log in from current host", fq_username, password:len()>0 and password or "<empty>")
+ -- stdnse.verbose2("%s:%s => Valid credentials, account cannot log in from current host", fq_username, password:len()>0 and password or "<empty>")
credTable:add(fq_username,password, creds.State.HOST_RESTRICTED)
break
end
@@ -275,7 +275,7 @@ action = function( host, port )
status = is_valid_credential( socket, context )
if status then
table.insert( valid_accounts, string.format("%s:%s => Valid credentials", fq_username, password:len()>0 and password or "<empty>" ) )
- stdnse.verbose2("%s:%s => Valid credentials", fq_username, password:len()>0 and password or "<empty>")
+ -- stdnse.verbose2("%s:%s => Valid credentials", fq_username, password:len()>0 and password or "<empty>")
-- Add credentials for other ldap scripts to use
if nmap.registry.ldapaccounts == nil then
nmap.registry.ldapaccounts = {}
diff --git a/scripts/nje-pass-brute.nse b/scripts/nje-pass-brute.nse
index 5cb29f6..1213906 100644
--- a/scripts/nje-pass-brute.nse
+++ b/scripts/nje-pass-brute.nse
@@ -113,7 +113,7 @@ Driver = {
-- When we send an 'I' record, if the password is invalid it will reply with a 'B' record
-- B in EBCDIC is 0xC2
if data:sub(19,19) ~= "\xc2" then
- stdnse.verbose(2,"Valid NJE Password: %s", password)
+ -- stdnse.verbose(2,"Valid NJE Password: %s", password)
return true, creds.Account:new("Password", password, creds.State.VALID)
end
return false, brute.Error:new( "Invalid Password" )
diff --git a/scripts/oracle-brute.nse b/scripts/oracle-brute.nse
index 8a94987..1fb4b0e 100644
--- a/scripts/oracle-brute.nse
+++ b/scripts/oracle-brute.nse
@@ -156,7 +156,7 @@ Driver =
return true, creds.Account:new(username .. " as sysdba", password, creds.State.VALID)
-- check for any other message
elseif ( data:match("ORA[-]%d+")) then
- stdnse.debug3("username: %s, password: %s, error: %s", username, password, data )
+ -- stdnse.debug3("username: %s, password: %s, error: %s", username, password, data )
return false, brute.Error:new(data)
-- any other errors are likely communication related, attempt to re-try
else
diff --git a/scripts/tso-brute.nse b/scripts/tso-brute.nse
index ff52c0c..2690a13 100644
--- a/scripts/tso-brute.nse
+++ b/scripts/tso-brute.nse
@@ -99,7 +99,7 @@ Driver = {
local skip = self.options['skip']
stdnse.debug(2,"Getting to TSO")
local run = stringaux.strsplit(";%s*", commands)
- stdnse.verbose(2,"Trying User ID/Password: %s/%s", user, pass)
+ -- stdnse.verbose(2,"Trying User ID/Password: %s/%s", user, pass)
for i = 1, #run do
stdnse.debug(2,"Issuing Command (#%s of %s): %s", i, #run ,run[i])
if i == #run and run[i]:upper():find("LOGON APPLID") and skip then
@@ -159,7 +159,7 @@ Driver = {
return false, brute.Error:new( "User ID not authorized to use TSO" )
else
-- It's a valid account so lets try a password
- stdnse.debug(2,"%s is a valid TSO User ID. Trying Password: %s", string.upper(user), pass)
+ -- stdnse.debug(2,"%s is a valid TSO User ID. Trying Password: %s", string.upper(user), pass)
if always_logon then
local writeable = self.tn3270:writeable()
-- This turns on the 'reconnect' which may boot users off
--
2.33.0