NMap 7.70 has been released on March 20: http://seclists.org/nmap-announce/2018/0 It lists one security issue fixed. Fedora has issued an advisory for this on March 28: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZZY3ZG2VYAO27NNQ5ETQN6ZBLSRO5EC3/
Advisory ======== Nmap has been updated to fix a security issue. Nmap developer nnposter found a security flaw (directory traversal vulnerability) in the way the non-default http-fetch script sanitized URLs. If a user manualy ran this NSE script against a malicious web server, the server could potentially (depending on NSE arguments used) cause files to be saved outside the intended destination directory. Existing files couldn't be overwritten. We fixed http-fetch, audited our other scripts to ensure they didn't make this mistake, and updated the httpspider library API to protect against this by default. References ========== http://seclists.org/nmap-announce/2018/0 Files ===== Uploaded to core/updates_testing nmap-7.40-1.1.mga6. nmap-frontend-7.40-1.1.mga6 from nmap-7.40-1.1.mga6.src.rpm
CC: (none) => smelrorAssignee: guillomovitch => qa-bugs
MGA6-32 on Dell Latitude D600 MATE No installation issues Ran nmapfe and xnmap, which both seem to point to zenmap. Ran a few scans of my desktop PC.Seems OK.
Whiteboard: (none) => MGA6-32-OKCC: (none) => herman.viaene
Keywords: (none) => advisory
M6 x64 Perhaps just for info. nmap includes several programs: /usr/bin/ncat Concatenate and redirect sockets /usr/bin/ndiff compare the results of Nmap scans /usr/bin/nmap Network exploration tool and security / port scanner /usr/bin/nping Network packet generation tool / ping utility /usr/bin/uninstall_ndiff as does nmap-front-end: /usr/bin/nmapfe /usr/bin/xnmap /usr/bin/zenmap Graphical Nmap frontend and results viewer Most have man pages; if not, -h help. Zenmap is an Nmap frontend. Should be root to run it. I could see no menu entry for it (Tools, System tools).. BEFORE update: nnmap-frontend-7.40-1.mga6 map-7.40-1.mga6 Just to play: # zenmap (zenmap:1636): IBUS-WARNING **: The owner of /home/lewis/.config/ibus/bus is not root! Shows a nice GUI, in which I put Target=localhost, Profile=Quick scan : Starting Nmap 7.40 ( https://nmap.org ) at 2018-04-04 20:42 CEST Nmap scan report for localhost (127.0.0.1) Host is up (0.000043s latency). Other addresses for localhost (not scanned): ::1 rDNS record for 127.0.0.1: localhost.localdomain Not shown: 90 closed ports PORT STATE SERVICE 22/tcp open ssh 25/tcp open smtp 53/tcp open domain 80/tcp open http 199/tcp open smux 389/tcp open ldap 631/tcp open ipp 5432/tcp open postgresql 8009/tcp open ajp13 8080/tcp open http-proxy Nmap done: 1 IP address (1 host up) scanned in 1.69 seconds ----------------------------------------------------------- Clean UPDATE to: - nmap-7.40-1.1.mga6.x86_64 - nmap-frontend-7.40-1.1.mga6.x86_64 # zenmap gave the same output as previously for Quick & Regular scan; Intense scan shows a lot more detailed information. Looks good.
Whiteboard: MGA6-32-OK => MGA6-32-OK MGA6-64-OKKeywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0196.html
Status: NEW => RESOLVEDResolution: (none) => FIXED