728x90
Nmap 7.50 [2017-06-13] §
- [Windows] Updated the bundled Npcap from 0.78 to 0.91, with several bugfixes for WiFi connectivity problems and stability issues. [Daniel Miller, Yang Luo]
- Integrated all of your service/version detection fingerprints submitted from September to March (855 of them). The signature count went up 2.9% to 11,418. We now detect 1193 protocols from apachemq, bro, and clickhouse to jmon, slmp, and zookeeper. Highlights: http://seclists.org/nmap-dev/2017/q2/140
- [NSE] Added 14 NSE scripts from 12 authors, bringing the total up to 566! They are all listed at https://nmap.org/nsedoc/, and the summaries are below:
- [GH#743] broadcast-ospf2-discover discovers OSPF 2 routers and neighbors. OSPFv2 authentication is supported. [Emiliano Ticci]
- [GH#671] cics-info checks IBM TN3270 services for CICS transaction services and extracts useful information. [Soldier of Fortran]
- [GH#671] cics-user-brute does brute-force enumeration of CICS usernames on IBM TN3270 services. [Soldier of Fortran]
- [GH#669] http-cookie-flags checks HTTP session cookies for HTTPOnly and Secure flags. [Steve Benson]
- http-security-headers checks for the HTTP response headers related to security given in OWASP Secure Headers Project, giving a brief description of the header and its configuration value. [Vinamra Bhatia, Ícaro Torres]
- [GH#740][GH#759] http-vuln-cve2017-5638 checks for the RCE bug in Apache Struts2. [Seth Jackson]
- [GH#876] http-vuln-cve2017-5689 detects a privilege escalation vulnerability (INTEL-SA-00075) in Intel Active Management Technology (AMT) capable systems. [Andrew Orr]
- http-vuln-cve2017-1001000 detects a privilege escalation vulnerability in Wordpress 4.7.0 and 4.7.1 (CVE-2017-1001000) [Vinamra Bhatia]
- [GH#713] impress-remote-discover attempts to pair with the LibreOffice Impress presentation remote service and extract version info. Pairing is PIN-protected, and the script can optionally brute-force the PIN. New service probe and match line also added. [Jeremy Hiebert]
- [GH#854] smb-double-pulsar-backdoor detects the Shadow Brokers-leaked Double Pulsar backdoor in Windows SMB servers. [Andrew Orr]
- smb-vuln-cve-2017-7494 detects a remote code execution vulnerability affecting Samba versions 3.5.0 and greater with writable shares. [Wong Wai Tuck]
- smb-vuln-ms17-010 detects a critical remote code execution vulnerability affecting SMBv1 servers in Microsoft Windows systems (ms17-010). The script also reports patched systems. [Paulino Calderon]
- [GH#686] tls-ticketbleed checks for the Ticketbleed vulnerability (CVE-2016-9244) in F5 BIG-IP appliances. [Mak Kolybabi]
- vmware-version queries VMWare SOAP API for version and product information. Submitted in 2011, this was mistakenly turned into a service probe that was unable to elicit any matches. [Aleksey Tyurin]
- [Ncat] A series of changes and fixes based on feedback from the Red Hat community:
- [GH#157] Ncat will now continue trying to connect to each resolved address for a hostname before declaring the connection refused, allowing it to fallback from IPv6 to IPv4 or to connect to names that use DNS failover. [Jaromir Koncicky, Michal Hlavinka]
- The --no-shutdown option now also works in connect mode, not only in listen mode.
- Made -i/--idle-timeout not cause Ncat in server mode to close while waiting for an initial connection. This was also causing -i to interfere with the HTTP proxy server mode. [Carlos Manso, Daniel Miller]
- [GH#773] Ncat in server mode properly handles TLS renegotiations and other situations where SSL_read returns a non-fatal error. This was causing SSL-over-TCP connections to be dropped. [Daniel Miller]
- Enable --ssl-ciphers to be used with Ncat in client mode, not only in server (listen) mode. [Daniel Miller]
- [NSE][GH#266][GH#704][GH#238][GH#883] NSE libraries smb and msrpc now use fully qualified paths. SMB scripts now work against all modern versions of Microsoft Windows. [Paulino Calderon]
- [NSE] smb library's share_get_list now properly uses anonymous connections first before falling back authenticating as a known user.
- New service probes and matches for Apache HBase and Hadoop MapReduce. [Paulino Calderon]
- Extended Memcached service probe and added match for Apache ZooKeeper. [Paulino Calderon]
- [NSE] New script argument "vulns.short" will reduce vulns library script output to a single line containing the target name or IP, the vulnerability state, and the CVE ID or title of the vulnerability. [Daniel Miller]
- [NSE][GH#862] SNMP scripts will now take a community string provided like `--script-args creds.snmp=private`, which previously did not work because it was interpreted as a username. [Daniel Miller]
- [NSE] Resolved several issues in the default HTTP redirect rules:[nnposter]
- [NSE][GH#766] The HTTP Host header will now include the port unless it is the default one for a given scheme. [nnposter]
- [NSE] The HTTP response object has a new member, fragment, which contains a partially received body (if any) when the overall request fails to complete. [nnposter]
- [NSE][GH#866] NSE now allows cookies to have arbitrary attributes, which are silently ignored (in accordance with RFC 6265). Unrecognized attributes were previously causing HTTP requests with such cookies to fail. [nnposter]
- [NSE][GH#844] NSE now correctly parses a Set-Cookie header that has unquoted whitespace in the cookie value (which is allowed per RFC 6265). [nnposter]
- [NSE][GH#731] NSE is now able to process HTTP responses with a Set-Cookie header that has an extraneous trailing semicolon. [nnposter]
- [NSE][GH#708] TLS SNI now works correctly for NSE HTTP requests initiated with option any_af. As an added benefit, option any_af is now available for all connections via comm.lua, not just HTTP requests. [nnposter]
- [NSE][GH#781] There is a new common function, url.get_default_port(), to obtain the default port number for a given scheme. [nnposter]
- [NSE][GH#833] Function url.parse() now returns the port part as a number, not a string. [nnposter]
- No longer allow ICMP Time Exceeded messages to mark a host as down during host discovery. Running traceroute at the same time as Nmap was causing interference. [David Fifield]
- [NSE][GH#807] Fixed a JSON library issue that was causing long integers to be expressed in the scientific/exponent notation. [nnposter]
- [NSE] Fixed several potential hangs in NSE scripts that used receive_buf(pattern), which will not return if the service continues to send data that does not match pattern. A new function in match.lua, pattern_limit, is introduced to limit the number of bytes consumed while searching for the pattern. [Daniel Miller, Jacek Wielemborek]
- [Nsock] Handle any and all socket connect errors the same: raise as an Nsock error instead of fatal. This prevents Nmap and Ncat from quitting with "Strange error from connect:" [Daniel Miller]
- [NSE] Added several commands to redis-info to extract listening addresses, connected clients, active channels, and cluster nodes. [Vasiliy Kulikov]
- [NSE][GH#679][GH#681] Refreshed script http-robtex-reverse-ip, reflecting changes at the source site (www.robtex.com). [aDoN]
- [NSE][GH#620][GH#715] Added 8 new http-enum fingerprints for Hadoop infrastructure components. [Thomas Debize, Varunram Ganesh]
- [NSE][GH#629] Added two new fingerprints to http-default-accounts (APC Management Card, older NetScreen ScreenOS) [Steve Benson, nnposter]
- [NSE][GH#716] Fix for oracle-tns-version which was sending an invalid TNS probe due to a string escaping mixup. [Alexandr Savca]
- [NSE][GH#694] ike-version now outputs information about supported attributes and unknown vendor ids. Also, a new fingerprint for FortiGate VPNs was submitted by Alexis La Goutte. [Daniel Miller]
- [GH#700] Enabled support for TLS SNI on the Windows platform. [nnposter]
- [GH#649] New service probe and match lines for the JMON and RSE services of IBM Explorer for z/OS. [Soldier of Fortran]
- Removed a duplicate service probe for Memcached added in 2011 (the original probe was added in 2008) and reported as duplicate in 2013 by Pavel Kankovsky.
- New service probe and match line for NoMachine NX Server remote desktop. [Justin Cacak]
- [Zenmap] Fixed a recurring installation problem on OS X/macOS where Zenmap was installed to /Applications/Applications/Zenmap.app instead of /Applications/Zenmap.app.
- [Zenmap][GH#639] Zenmap will no longer crash when no suitable temporary directory is found. Patches contributed by [Varunram Ganesh] and [Sai Sundhar]
- [Zenmap][GH#626] Zenmap now properly handles the -v0 (no output) option, which was added in Nmap 7.10. Previously, this was treated the same as not specifying -v at all. [lymanZerga11]
- [GH#630] Updated or removed some OpenSSL library calls that were deprecated in OpenSSL 1.1. [eroen]
- [NSE] Script ssh-hostkey now recognizes and reports Ed25519 keys [nnposter]
- [NSE][GH#627] Fixed script hang in several brute scripts due to the "threads" script-arg not being converted to a number. Error message was "nselib/brute.lua:1188: attempt to compare number with string" [Arne Beer]
728x90
'취약점 정보2' 카테고리의 다른 글
Adobe 제품군 보안 업데이트 권고 (0) | 2017.06.15 |
---|---|
우분투 TLS 원격 리모트 취약점 발견 업데이트 안내 (0) | 2017.06.14 |
Windows XP, Vista, 8, Server 2003 보안 업데이트 권고 (0) | 2017.06.14 |
MS 6월 보안 위협에 따른 정기 보안 업데이트 권고 (0) | 2017.06.14 |
Cisco 제품군 취약점 보안 업데이트 권고 (0) | 2017.06.09 |