SSH local checks broken?
Hi!

After an upgrade of nessus-plugins local ssh checks don't work. They
worked before, so it shouldn't be a configuration error.

nessusd.messages contains this error:
[Mon Nov 15 19:20:20 2004][10070] user thomas : launching
ssh_get_info.nasl against localhost [10076]
[Mon Nov 15 19:20:20 2004][10070] SIGSEGV occured !

(this happens with all SSH related plugins, not only ssh_get_info)

nessusd.dump contains this:
[9846] plug_set_key:internal_send(4)[.'1 SentData/12634/NOTE=It was possible to log into the remote host usi
ng the supplied password\nThe output of "uname -a" is :\nLinux polynoe.hq 2.6.6 #1 Fri Sep 24 11:54:16 CEST
2004 i686 unknown\n\nThe remote Debian system is :\n3.0\n\nLocal security checks have been enabled for thi
s host.;
']: Broken pipe
set key Success/12634 -> 1
[9846] plug_set_key:internal_send(4)['3 Success/12634=1;
']: Broken pipe
set key /tmp/rpc/noportmap/32771 -> 1

But this info doesn't show up in the report.

Has anybody else experienced this with today's CVS HEAD?

Thomas

--
Email: thomas@intevation.de
http://intevation.de/~thomas/
Re: SSH local checks broken?
* Thomas Arendsen Hein <thomas@intevation.de> [20041115 20:10]:
> nessusd.messages contains this error:
> [Mon Nov 15 19:20:20 2004][10070] user thomas : launching
> ssh_get_info.nasl against localhost [10076]
> [Mon Nov 15 19:20:20 2004][10070] SIGSEGV occured !
>
> (this happens with all SSH related plugins, not only ssh_get_info)

It seems this sometimes happens with other plugins, too.
Here is the backtrace of a segfaulting plugin:

#2 0x0805036a in sighand_segv () at sighand.c:220
#3 0x402216b8 in sigaction () from /lib/libc.so.6
#4 0x080581aa in nes_thread (args=0x80d5fd8) at nes_plugins.c:310
#5 0x08050558 in create_process (function=0x8057fb4 <nes_thread>,
argument=0x80d5fd8) at processes.c:108
#6 0x08057f94 in nes_plugin_launch (globals=0x8308ee0, plugin=0x80d5fd8,
hostinfos=0x8479530, preferences=0x80921b8, kb=0x40358008,
name=0xbfffe9b4 "/vol1/projects/boss/nessus/install/lib/nessus/plugins/linux_tftp.nes") at nes_plugins.c:244
#7 0x0805f9f9 in plugin_launch (globals=0x8308ee0, sched=0x83610c8,
plugin=0x83cb348, hostinfos=0x8479530, preferences=0x80921b8,
kb=0x40358008,
name=0xbfffe9b4 "/vol1/projects/boss/nessus/install/lib/nessus/plugins/linux_tftp.nes", launcher=0x80690c4) at pluginlaunch.c:440
#8 0x0804c443 in launch_plugin (globals=0x8308ee0, sched=0x83610c8,
plugin=0x83cb348, hostname=0xbfffef10 "localhost", cur_plug=0xbfffee24,
num_plugs=5280, hostinfos=0x8479530, kb=0x40358008, new_kb=0)
at attack.c:270
#9 0x0804c826 in attack_host (globals=0x8308ee0, hostinfos=0x8479530,
hostname=0xbfffef10 "localhost", sched=0x83610c8) at attack.c:404
#10 0x0804cb02 in attack_start (args=0xbfffeef8) at attack.c:500
#11 0x08050558 in create_process (function=0x804c904 <attack_start>,
argument=0xbfffeef8) at processes.c:108
#12 0x0804d6e6 in attack_network (globals=0x8308ee0) at attack.c:797
#13 0x080593a6 in server_thread (globals=0x8308ee0) at nessusd.c:518
#14 0x08050558 in create_process (function=0x8058d48 <server_thread>,
argument=0x8308ee0) at processes.c:108
#15 0x08059c47 in main_loop () at nessusd.c:863
#16 0x0805a961 in main (argc=1, argv=0xbffffa64, envp=0xbffffa6c)
at nessusd.c:1354


print arg_dump(0x80d5fd8, 0) in gdb yields this:
#19 0x40057f30 in arg_dump (args=0x8093ae8, level=17216) at arglists.c:396
#20 0x40057f30 in arg_dump (args=0x8308960, level=17215) at arglists.c:396
#21 0x40057f30 in arg_dump (args=0x84d8ff8, level=17214) at arglists.c:396
#22 0x40057f30 in arg_dump (args=0x8093ae8, level=17213) at arglists.c:396
#23 0x40057f30 in arg_dump (args=0x8308960, level=17212) at arglists.c:396
#24 0x40057f30 in arg_dump (args=0x84d8ff8, level=17211) at arglists.c:396
#25 0x40057f30 in arg_dump (args=0x8093ae8, level=17210) at arglists.c:396
[...]
#17227 0x40057f30 in arg_dump (args=0x8093ae8, level=8) at arglists.c:396
#17228 0x40057f30 in arg_dump (args=0x8308960, level=7) at arglists.c:396
#17229 0x40057f30 in arg_dump (args=0x84d8ff8, level=6) at arglists.c:396
#17230 0x40057f30 in arg_dump (args=0x8093ae8, level=5) at arglists.c:396
#17231 0x40057f30 in arg_dump (args=0x8308960, level=4) at arglists.c:396
#17232 0x40057f30 in arg_dump (args=0x84d8ff8, level=3) at arglists.c:396
#17233 0x40057f30 in arg_dump (args=0x8093ae8, level=2) at arglists.c:396
#17234 0x40057f30 in arg_dump (args=0x8308960, level=1) at arglists.c:396
#17235 0x40057f30 in arg_dump (args=0x8488b70, level=0) at arglists.c:396

(gdb) print *(struct arglist*)0x8093ae8
$2 = {name = 0x8093c98 "apache_server_status.nasl", type = 4,
value = 0x8093b28, length = -1, next = 0x8093cb8, hash = 2140}

Thomas

--
Email: thomas@intevation.de
http://intevation.de/~thomas/
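
The arg_dump frames in the message above cycle through the same three args pointers (0x8093ae8, 0x8308960, 0x84d8ff8), the pattern a recursive dump produces when nested arglists refer back to one another. Added example, not Nessus code and not from the thread: a dump that records visited nodes and stops instead of recursing without bound. The struct fields follow the gdb print; the meaning of type 4, MAX_NODES and all function names are assumptions.

```c
#include <stdio.h>
#include <stddef.h>
#define ARG_ARGLIST 4  /* assumption: type 4 = value points to a nested arglist */
#define MAX_NODES 256  /* hypothetical bound chosen for this example */

struct arglist {       /* fields as shown by the gdb print above */
    char *name; int type; void *value; long length;
    struct arglist *next; int hash;
};
struct visited { const struct arglist *node[MAX_NODES]; size_t n; };

/* Record a node; returns 0 if it was seen before or the table is full. */
static int mark(struct visited *v, const struct arglist *a) {
    for (size_t i = 0; i < v->n; i++)
        if (v->node[i] == a) return 0;
    if (v->n == MAX_NODES) return 0;
    v->node[v->n++] = a;
    return 1;
}

/* Print the list; returns how many links were not followed (repeat or full). */
static int dump_rec(const struct arglist *a, int level, struct visited *v) {
    int skipped = 0;
    for (; a != NULL; a = a->next) {
        if (!mark(v, a)) {
            printf("%*s<%p already visited, stopping>\n", level * 2, "", (const void *)a);
            return skipped + 1;
        }
        printf("%*s%s (type %d)\n", level * 2, "", a->name ? a->name : "(null)", a->type);
        if (a->type == ARG_ARGLIST && a->value != NULL)
            skipped += dump_rec(a->value, level + 1, v);
    }
    return skipped;
}

int safe_arg_dump(const struct arglist *args) {
    struct visited v = { {0}, 0 };
    return dump_rec(args, 0, &v);
}

/* Constructed sample: a -> b -> c, and with ring != 0 also c -> a. */
int demo(int ring) {
    struct arglist a = {"a", ARG_ARGLIST, NULL, -1, NULL, 0}, b = a, c = a;
    b.name = "b"; c.name = "c";
    a.value = &b; b.value = &c; c.value = ring ? &a : NULL;
    return safe_arg_dump(&a);
}

int main(void) { return demo(1) == 1 ? 0 : 1; }
```
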
Re: SSH local checks broken?
On Mon, Nov 15, 2004 at 07:36:45PM +0100, Thomas Arendsen Hein wrote:
> Hi!
>
> After an upgrade of nessus-plugins local ssh checks don't work. They
> worked before, so it shouldn't be a configuration error.

It might have to do with Michel's .inc pre-parsing feature.
Un-comment the call to 'nasl_preload_include_files()' in
nessusd/pluginload.c and tell us if it fixes your problem.

Thanks,

-- Renaud
Re: SSH local checks broken?
On Mon Nov 15 2004 at 19:36, Thomas Arendsen Hein wrote:

> After an upgrade of nessus-plugins local ssh checks don't work. They
> worked before, so it shouldn't be a configuration error.

Did you clean and recompile everything, just in case?
Re: SSH local checks broken?
* Michel Arboi <mikhail@nessus.org> [20041116 15:41]:
> On Mon Nov 15 2004 at 19:36, Thomas Arendsen Hein wrote:
>
> > After an upgrade of nessus-plugins local ssh checks don't work. They
> > worked before, so it shouldn't be a configuration error.
>
> Did you clean and recompile everything, just in case?

Yes, I even used "make distclean".

But with your latest update plus including nasl.h it works now.

Thomas

--
Email: thomas@intevation.de
http://intevation.de/~thomas/