[Openvas-devel] segfault : openvas-nasl 5.0.1 + nmap.nasl

Sebastien Aucouturier Mon, 11 Jun 2012 02:29:11 -0700

Was digging another strange things (my udp ports do not appear inreport) when i found this segfault behaviour that may interest the devteam.

openvas-nasl -V

openvas-nasl 5.0.1


Copyright (C) 2002 - 2004 Tenable Network Security
Copyright (C) 2009 Greenbone Networks GmbH

openvas-nasl -t 10.1.0.18  /var/lib/openvas/plugins/nmap.nasl -T -

[2296]() init_openvas_gpgme_ctx: setting homedir '/etc/openvas/gnupg'

[2296]() nasl_verify_signature: loading scriptfile'/var/lib/openvas/plugins/nmap.nasl'[2296]() nasl_verify_signature: loading signature file'/var/lib/openvas/plugins/nmap.nasl.asc'

[2296]() nasl_verify_signature: gpgme_op_verify -> '0'
[2296]() examine_signatures
[2296]() examine_signatures: signature #1:
[2296]() examine_signatures:    summary: 3
[2296]() examine_signatures:    validity: 4
[2296]() examine_signatures:    status: Success
[2296]() examine_signatures:    timestamp: 1336392275
[2296]() examine_signatures:    exp_timestamp: 0

[2296]() examine_signatures: fpr:C3B468D2288C68B9D526452248479FF648DB4530

[2296]() examine_signatures: signature is valid
[2296]() init_openvas_gpgme_ctx: setting homedir '/etc/openvas/gnupg'
[2296]() nasl_verify_signature: loading scriptfile 'toolcheck.inc'

[2296]() nasl_verify_signature: loading signature file'toolcheck.inc.asc'

[2296]() nasl_verify_signature: gpgme_op_verify -> '0'
[2296]() examine_signatures
[2296]() examine_signatures: signature #1:
[2296]() examine_signatures:    summary: 3
[2296]() examine_signatures:    validity: 4
[2296]() examine_signatures:    status: Success
[2296]() examine_signatures:    timestamp: 1293104411
[2296]() examine_signatures:    exp_timestamp: 0

[2296]() examine_signatures: fpr:C3B468D2288C68B9D526452248479FF648DB4530

[2296]() examine_signatures: signature is valid
[2296]() init_openvas_gpgme_ctx: setting homedir '/etc/openvas/gnupg'
[2296]() nasl_verify_signature: loading scriptfile 'host_details.inc'

[2296]() nasl_verify_signature: loading signature file'host_details.inc.asc'

[2296]() nasl_verify_signature: gpgme_op_verify -> '0'
[2296]() examine_signatures
[2296]() examine_signatures: signature #1:
[2296]() examine_signatures:    summary: 3
[2296]() examine_signatures:    validity: 4
[2296]() examine_signatures:    status: Success
[2296]() examine_signatures:    timestamp: 1336392275
[2296]() examine_signatures:    exp_timestamp: 0

[2296]() examine_signatures: fpr:C3B468D2288C68B9D526452248479FF648DB4530

[2296]() examine_signatures: signature is valid
[2296]() init_openvas_gpgme_ctx: setting homedir '/etc/openvas/gnupg'
[2296]() nasl_verify_signature: loading scriptfile 'xml.inc'
[2296]() nasl_verify_signature: loading signature file 'xml.inc.asc'
[2296]() nasl_verify_signature: gpgme_op_verify -> '0'
[2296]() examine_signatures
[2296]() examine_signatures: signature #1:
[2296]() examine_signatures:    summary: 3
[2296]() examine_signatures:    validity: 4
[2296]() examine_signatures:    status: Success
[2296]() examine_signatures:    timestamp: 1322141741
[2296]() examine_signatures:    exp_timestamp: 0

[2296]() examine_signatures: fpr:C3B468D2288C68B9D526452248479FF648DB4530

[2296]() examine_signatures: signature is valid
[2296]() NASL> [0x160c2c38] <- 1
[2296]() NASL> [0x160c2c68] <- 0
[2296]() NASL> [0x160c2c98] <- 5
[2296]() NASL> [0x160c2cd0] <- 6
[2296]() NASL> [0x160c2d08] <- 17
[2296]() NASL> [0x160c2d40] <- 1
[2296]() NASL> [0x160c2d78] <- 0
[2296]() NASL> [0x160c2da8] <- 2
[2296]() NASL> [0x160c2de0] <- 1
[2296]() NASL> [0x160c2e10] <- 2
[2296]() NASL> [0x160c2e48] <- 3
[2296]() NASL> [0x160c2e80] <- 4
[2296]() NASL> [0x160c2eb8] <- 5
[2296]() NASL> [0x160c2ef0] <- 2320
[2296]() NASL> [0x160c2f28] <- 1
[2296]() NASL> [0x160c2f58] <- 2
[2296]() NASL> [0x160c2f88] <- 4
[2296]() NASL> [0x160c2fb8] <- 8
[2296]() NASL> [0x160c2fe8] <- 16
[2296]() NASL> [0x160c3018] <- 32
[2296]() NASL> [0x160c3048] <- 32768
[2296]() NASL> [0x160c3078] <- 16384
[2296]() NASL> [0x160c30a8] <- 8192
[2296]() NASL> [0x160c30d8] <- 8191
[2296]() NASL> [0x160c3108] <- 0
[2296]() NASL> [0x160c3138] <- 3
[2296]() NASL> [0x160c3170] <- 4
[2296]() NASL> [0x160c31a0] <- 5
[2296]() NASL> [0x160c31d8] <- 6
[2296]() NASL> [0x160c3218] <- 7
[2296]() NASL> [0x160c3248] <- 1
[2296]() NASL> [0x160c3280] <- 2
[2296]() NASL> [0x160c32b8] <- 8
[2296]() NASL> [0x160c32f0] <- 9
[2296]() NASL> [0x160c3320] <- 10
[2296]() NASL> [0x160c3350] <- 1
[2296]() NASL> [0x160c3380] <- 0
[2296]() NASL> [0x160c33b0] <- 1
[2296]() NASL> [0x160c33e0] <- 2
[2296]() NASL> [0x160c3410] <- 3
[2296]() NASL> [0x160c3440] <- 99
[2296]() NASL> [0x160c3470] <- "5.0.1"
[2296]() NASL> [0x160c34e8] <- 1
[2296]() NASL> [0x160c3520] <- 0
[2296]() NASL> [0x160c3558] <- "nmap.nasl"
NASL:0112> if (description) { ... }
[2296](/var/lib/openvas/plugins/nmap.nasl) NASL> [0x160c3520] -> 0
NASL:0113> exit_if_not_found(...)
[2296]() NASL> [0x160c3940] <- "nmap"

[2296](/var/lib/openvas/plugins/nmap.nasl) NASL> Callexit_if_not_found(toolname: "nmap")

NASL:0043> if (defined_func(...)) { ... }
NASL:0040> defined_func(...)
[2296]() NASL> [0x160c38c0] <- "script_mandatory_keys"

[2296](/var/lib/openvas/plugins/nmap.nasl) NASL> Call defined_func(1:"script_mandatory_keys")

[2296](/var/lib/openvas/plugins/nmap.nasl) NASL> Return defined_func: 1
NASL:0041> return NULL;

[2296](/var/lib/openvas/plugins/nmap.nasl) NASL> Returnexit_if_not_found: FAKE

NASL:0080> OS_CPE_SRC=make_list(...);
NASL:0080> make_list(...)
[2296]() NASL> [0x160c3c40] <- "1.3.6.1.4.1.25623.1.0.102011"
[2296]() NASL> [0x160c3c28] <- "1.3.6.1.4.1.25623.1.0.103220"
[2296]() NASL> [0x160c3d08] <- "1.3.6.1.4.1.25623.1.0.103418"
[2296]() NASL> [0x160c3d68] <- "1.3.6.1.4.1.25623.1.0.103417"
[2296]() NASL> [0x160c3d20] <- "1.3.6.1.4.1.25623.1.0.50282"
[2296]() NASL> [0x160c3e10] <- "1.3.6.1.4.1.25623.1.0.10401"
[2296]() NASL> [0x160c3da8] <- "1.3.6.1.4.1.25623.1.0.104000"
[2296]() NASL> [0x160c3de8] <- "1.3.6.1.4.1.25623.1.0.10267"
[2296]() NASL> [0x160c3e50] <- "1.3.6.1.4.1.25623.1.0.103429"
[2296]() NASL> [0x160c3e90] <- "1.3.6.1.4.1.25623.1.0.102002"

[2296](/var/lib/openvas/plugins/nmap.nasl) NASL> Call make_list(1:"1.3.6.1.4.1.25623.1.0.102011", 2: "1.3.6.1.4.1.25623.1.0.103220", 3:"1.3.6.1.4.1.25623.1.0.103418", 4: "1.3.6.1.4.1.25623.1.0.103417", 5:"1.3.6.1.4.1.25623.1.0.50282", 6: "1.3.6.1.4.1.25623.1.0.10401", 7:"1.3.6.1.4.1.25623.1.0.10400 ...)[2296](/var/lib/openvas/plugins/nmap.nasl) NASL> Return make_list: ????(DYN_ARRAY (64))

[2296]() NASL> [0x160c3940] <- (VAR2_ARRAY)
NASL:0094> OS_TXT_SRC=make_list(...);
NASL:0094> make_list(...)
[2296]() NASL> [0x160c4148] <- "1.3.6.1.4.1.25623.1.0.103220"
[2296]() NASL> [0x160c3b48] <- "1.3.6.1.4.1.25623.1.0.103418"
[2296]() NASL> [0x160c40d8] <- "1.3.6.1.4.1.25623.1.0.103417"
[2296]() NASL> [0x160c40c0] <- "1.3.6.1.4.1.25623.1.0.50282"
[2296]() NASL> [0x160c4058] <- "1.3.6.1.4.1.25623.1.0.101013"
[2296]() NASL> [0x160c3fa8] <- "1.3.6.1.4.1.25623.1.0.104000"
[2296]() NASL> [0x160c4000] <- "1.3.6.1.4.1.25623.1.0.14259"
[2296]() NASL> [0x160c3fc0] <- "1.3.6.1.4.1.25623.1.0.102011"
[2296]() NASL> [0x160c3be0] <- "1.3.6.1.4.1.25623.1.0.103429"
[2296]() NASL> [0x160c3ba0] <- "1.3.6.1.4.1.25623.1.0.102002"
[2296]() NASL> [0x160c3b60] <- "1.3.6.1.4.1.25623.1.0.10884"

[2296](/var/lib/openvas/plugins/nmap.nasl) NASL> Call make_list(1:"1.3.6.1.4.1.25623.1.0.103220", 2: "1.3.6.1.4.1.25623.1.0.103418", 3:"1.3.6.1.4.1.25623.1.0.103417", 4: "1.3.6.1.4.1.25623.1.0.50282", 5:"1.3.6.1.4.1.25623.1.0.101013", 6: "1.3.6.1.4.1.25623.1.0.104000", 7:"1.3.6.1.4.1.25623.1.0.1425 ...)[2296](/var/lib/openvas/plugins/nmap.nasl) NASL> Return make_list: ????(DYN_ARRAY (64))

[2296]() NASL> [0x160c4018] <- (VAR2_ARRAY)
NASL:0119> phase=0;
[2296]() NASL> [0x160c4570] <- 0
NASL:0133> if (defined_func(...)) { ... }
NASL:0120> defined_func(...)
[2296]() NASL> [0x160c48f8] <- "scan_phase"

[2296](/var/lib/openvas/plugins/nmap.nasl) NASL> Call defined_func(1:"scan_phase")

[2296](/var/lib/openvas/plugins/nmap.nasl) NASL> Return defined_func: 1
NASL:0122> phase=scan_phase(...);
NASL:0122> scan_phase(...)
[2296](/var/lib/openvas/plugins/nmap.nasl) NASL> Call scan_phase()
[2296](/var/lib/openvas/plugins/nmap.nasl) NASL> Return scan_phase: 0
[2296]() NASL> [0x160c4570] <- 0
NASL:0144> if (phase == 2) { ... }
[2296](/var/lib/openvas/plugins/nmap.nasl) NASL> [0x160c4570] -> 0
NASL:0144> tmpfile=NULL;
[2296]() NASL> [0x160c4828] <- (Type 0x0)
NASL:0161> safe_opt=script_get_preference(...);
NASL:0161> script_get_preference(...)

[2296]() NASL> [0x160c48f8] <- "Run dangerous port scans even if safechecks are set"[2296](/var/lib/openvas/plugins/nmap.nasl) NASL> Callscript_get_preference(1: "Run dangerous port scans even if safe checksare set")

Segmentation fault




--
    | Sébastien AUCOUTURIER | Software Design Engineer Lead
    | ITrust | 55 rue l'Occitane BP 67303 31673 LABEGE CEDEX
    | Email: s.aucoutur...@itrust.fr
    | Fixe Sdt. 05.67.34.67.80 | Fax. 09.80.08.37.23
    | IT Security Services & SaaS Editor
_______________________________________________
Openvas-devel mailing list
Openvas-devel@wald.intevation.org
http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-devel

[Openvas-devel] segfault : openvas-nasl 5.0.1 + nmap.nasl

Reply via email to