Bug#358825: marked as done (libnet-ssleay-perl: Causes nikto to fail with SSL connections)

Debian Bug Tracking System Sat, 13 Sep 2008 10:01:15 -0700

Your message dated Sat, 13 Sep 2008 18:51:49 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Re: Processed: reassign 358825 to nikto
has caused the Debian Bug report #358825,
regarding libnet-ssleay-perl: Causes nikto to fail with SSL connections
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
358825: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=358825
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems

--- Begin Message ---

Package: libnet-ssleay-perl
Version: 1.30-1
Severity: normal

I'm not sure if the issue is with ssleay or libssl0.9.8, but nikto 
version 1.35-1 does not work for SSL connections.  It works normally for 
regular HTTP sessions.  Here is the output from an SSL session:

$ nikto -h miller -p 443 -ssl
---------------------------------------------------------------------------
- Nikto 1.35/1.36     -     www.cirt.net
+ No HTTP(s) ports found on miller / 443
+ 1 host(s) tested

The debug output isn't much help:

$ nikto -h miller -p 443 -ssl -debug
---------------------------------------------------------------------------
- Nikto 1.35/1.36     -     www.cirt.net
D: - Target id:1:ident:miller:ports_in:443:
D: - Request Hash:
D: - Connection: Keep-Alive
D: - Host: miller
D: - User-Agent: Mozilla/4.75 (Nikto/1.35 )
D: - $whisker->INITIAL_MAGIC: 31337
D: - $whisker->anti_ids:
D: - $whisker->force_bodysnatch: 0
D: - $whisker->force_close: 0
D: - $whisker->force_open: 0
D: - $whisker->host: miller
D: - $whisker->http_req_trailer:
D: - $whisker->http_ver: 1.1
D: - $whisker->ignore_duplicate_headers: 1
D: - $whisker->include_host_in_uri: 0
D: - $whisker->lowercase_incoming_headers: 1
D: - $whisker->method: HEAD
D: - $whisker->method_postfix:
D: - $whisker->normalize_incoming_headers: 1
D: - $whisker->port: 443
D: - $whisker->req_spacer:  
D: - $whisker->req_spacer2:  
D: - $whisker->retry: 1
D: - $whisker->save_ssl_info: 1
D: - $whisker->ssl: 1
D: - $whisker->timeout: 10
D: - $whisker->trailing_slurp: 0
D: - $whisker->uri: /
D: - $whisker->uri_param_sep: ?
D: - $whisker->uri_postfix:
D: - $whisker->uri_prefix:
D: - Result Hash:
D: - $whisker->INITIAL_MAGIC    31338
D: - $whisker->error    Error sending request to server: Could not send 
entire data queue
D: - $whisker->retry_errors     ARRAY(0x85eff50)
D: - $whisker->ssl_cert_issuer  
/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=localhost.localdomain/[EMAIL
 PROTECTED]
D: - $whisker->ssl_cert_subject         
/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=localhost.localdomain/[EMAIL
 PROTECTED]
D: - $whisker->ssl_cipher       DHE-RSA-AES256-SHA
D: - $whisker->uri      /
+ No HTTP(s) ports found on miller / 443
+ 1 host(s) tested

The results are the same with nikto-1.35 from cirt.org.  It includes 
libwhisker 1.7.

The Auditor Security Collection CD image (version 200605-02-ipw2100) 
from remote-exploit.org, which is based on Debian,  works with this 
combination of packages:

nikto 1.32
libwhisker-perl 1.7
libnet-ssleay-perl 1.25
libssl0.9.7 0.9.7e

Other installed packages related to this bug:
ii  libwhisker-per 1.8-1          Perl module geared for HTTP testing
ii  nikto          1.35-1         web server security scanner


-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (600, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages libnet-ssleay-perl depends on:
ii  libc6                         2.3.6-4    GNU C Library: Shared libraries an
ii  libssl0.9.8                   0.9.8a-8   SSL shared libraries
ii  perl                          5.8.8-3    Larry Wall's Practical Extraction 
ii  perl-base [perlapi-5.8.7]     5.8.8-3    The Pathologically Eclectic Rubbis

libnet-ssleay-perl recommends no packages.

-- no debconf information

--- End Message ---

--- Begin Message ---

reassign 358825 libwhisker2-perl
fixed 358825 2.4-1
thanks

OoO Lors de la soirée naissante du samedi 13 septembre 2008, vers 18:15,
[EMAIL PROTECTED] (Debian Bug Tracking System) disait :

> Processing commands for [EMAIL PROTECTED]:
>> # Automatically generated email from bts, devscripts version 2.10.26ubuntu12
>> reassign 358825 nikto
> Bug#358825: libnet-ssleay-perl: Causes nikto to fail with SSL connections
> Bug reassigned from package `libwhisker-perl' to `nikto'.

This bug  is corrected in  libwhisker2-perl (the line is  commented out,
SSLv3 works fine in Nikto).

Marco,  I think that  assigning bug  to other  package without  a single
explanation  is a  bit rude.  Please,  provide an  explanation when  you
reassign bug.
-- 
 /* Thanks to Rob `CmdrTaco' Malda for not influencing this code in any
  * way.
  */
        2.4.3 linux/net/core/netfilter.c

pgpGFQipBZqpW.pgp
Description: PGP signature

--- End Message ---

Bug#358825: marked as done (libnet-ssleay-perl: Causes nikto to fail with SSL connections)

Reply via email to