| Summary: | nmap new security issue fixed upstream in 7.70 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | herman.viaene, smelror, sysadmin-bugs |
| Version: | 6 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA6-32-OK MGA6-64-OK | ||
| Source RPM: | nmap-7.40-1.mga6.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2018-03-31 22:30:00 CEST
Advisory
========

Nmap has been updated to fix a security issue.

Nmap developer nnposter found a security flaw (directory traversal vulnerability) in the way the non-default http-fetch script sanitized URLs. If a user manually ran this NSE script against a malicious web server, the server could potentially (depending on NSE arguments used) cause files to be saved outside the intended destination directory. Existing files couldn't be overwritten. We fixed http-fetch, audited our other scripts to ensure they didn't make this mistake, and updated the httpspider library API to protect against this by default.

References
==========

http://seclists.org/nmap-announce/2018/0

Files
=====

Uploaded to core/updates_testing

nmap-7.40-1.1.mga6.
nmap-frontend-7.40-1.1.mga6

from nmap-7.40-1.1.mga6.src.rpm

CC:
(none) =>
smelror

MGA6-32 on Dell Latitude D600 MATE
No installation issues
Ran nmapfe and xnmap, which both seem to point to zenmap.
Ran a few scans of my desktop PC. Seems OK.

Whiteboard:
(none) =>
MGA6-32-OK
Lewis Smith
2018-04-04 11:28:36 CEST
Keywords:
(none) =>
advisory

M6 x64
Perhaps just for info. nmap includes several programs:
/usr/bin/ncat  Concatenate and redirect sockets
/usr/bin/ndiff  compare the results of Nmap scans
/usr/bin/nmap  Network exploration tool and security / port scanner
/usr/bin/nping  Network packet generation tool / ping utility
/usr/bin/uninstall_ndiff
as does nmap-front-end:
/usr/bin/nmapfe
/usr/bin/xnmap
/usr/bin/zenmap  Graphical Nmap frontend and results viewer
Most have man pages; if not, -h help.
Zenmap is an Nmap frontend. Should be root to run it. I could see no menu entry for it (Tools, System tools).

BEFORE update:
nmap-frontend-7.40-1.mga6
nmap-7.40-1.mga6

Just to play:
# zenmap
(zenmap:1636): IBUS-WARNING **: The owner of /home/lewis/.config/ibus/bus is not root!
Shows a nice GUI, in which I put Target=localhost, Profile=Quick scan :
Starting Nmap 7.40 ( https://nmap.org ) at 2018-04-04 20:42 CEST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000043s latency).
Other addresses for localhost (not scanned): ::1
rDNS record for 127.0.0.1: localhost.localdomain
Not shown: 90 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
53/tcp   open  domain
80/tcp   open  http
199/tcp  open  smux
389/tcp  open  ldap
631/tcp  open  ipp
5432/tcp open  postgresql
8009/tcp open  ajp13
8080/tcp open  http-proxy
Nmap done: 1 IP address (1 host up) scanned in 1.69 seconds
-----------------------------------------------------------
Clean UPDATE to:
- nmap-7.40-1.1.mga6.x86_64
- nmap-frontend-7.40-1.1.mga6.x86_64
# zenmap
gave the same output as previously for Quick & Regular scan; Intense scan shows a lot more detailed information. Looks good.

Whiteboard:
MGA6-32-OK =>
MGA6-32-OK MGA6-64-OK

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0196.html

Status:
NEW =>
RESOLVED |
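
The advisory in the description concerns a fetch script that derives a local file name from a URL supplied by the remote server. As an added illustration (not Nmap's code or its actual fix, and written in Python rather than the Lua used by NSE), the following shows a containment check for that mapping plus exclusive file creation so existing files are never overwritten; `local_path_for`, `save_fetched`, `UnsafePath` and the `index.html` default are hypothetical names chosen for this example.

```python
import os
from urllib.parse import urlsplit, unquote


class UnsafePath(ValueError):
    """Raised when a server-supplied URL would resolve outside the destination."""


def local_path_for(url: str, dest_dir: str) -> str:
    """Map a fetched URL to a file path that must stay under dest_dir."""
    # Decode percent-escapes first so "%2e%2e" is checked as "..", and treat
    # backslashes as separators so "..\\" cannot slip past the split below.
    url_path = unquote(urlsplit(url).path).replace("\\", "/")
    parts = [p for p in url_path.split("/") if p not in ("", ".")]
    if any(p == ".." or "\x00" in p for p in parts):
        raise UnsafePath(f"traversal component in {url!r}")
    if not parts:
        parts = ["index.html"]  # assumed file name for a bare "/" URL
    root = os.path.realpath(dest_dir)
    candidate = os.path.realpath(os.path.join(root, *parts))
    # Containment is checked after symlink resolution, not only by filtering
    # strings: a symlink inside dest_dir must not lead the write elsewhere.
    if os.path.commonpath([root, candidate]) != root:
        raise UnsafePath(f"{url!r} resolves outside {root}")
    return candidate


def save_fetched(url: str, body: bytes, dest_dir: str) -> str:
    """Write body under dest_dir; raise FileExistsError rather than overwrite."""
    path = local_path_for(url, dest_dir)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    # O_CREAT | O_EXCL fails if the name already exists (including as a
    # symlink), so a hostile server cannot replace a file already on disk.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(body)
    return path
```
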