Hi,
this plugin (11022) reported eDonkey on an invalid port (server name obscured):
Plugin output :
Server name : xxxxx (en) (rus) (de)
UDP port : 306188864
I presume that the presence of a valid-looking server name in the output indicates
that eDonkey is actually present, however the port decoded in this case is definitely
wrong. Is it correct that the port is retrieved from a dword?
Maybe adding a sanity check like this would be worthwhile:
--- eDonkey_detect.nasl 2006-11-30 10:37:25.000000000 +0000
+++ eDonkey_detect.nasl 2006-12-07 10:21:11.000000000 +0000
@@ -118,6 +118,8 @@
info += " UDP port : " + port + '\n';
}
+ if (port < 65536)
+ {
report = string(
desc,
"\n\n",
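Review bot: the added test "if (port < 65536)" has no lower bound, so a decoded value of 0, or a negative one if the dword is interpreted as signed, would still be passed to security_note(port:port, ...). Suggest "if (port > 0 && port < 65536)" so that only values that can be a real UDP port get through. A short comment above the test saying why the decoded value can be out of range would also help the next reader.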
@@ -126,4 +128,5 @@
info
);
security_note(port:port, data:report);
+ }
}
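Review bot: with the closing brace placed after security_note(port:port, data:report), an out-of-range port drops the whole finding silently, including the server name already collected in info, which is the part that looks valid in the reported output. Suggest deciding explicitly what should happen in that case, for example an else branch that still reports the detection without the decoded port, rather than emitting nothing. The lines between the new braces (report = string( ... ) and security_note) should also be indented one level to match the new block.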
--
Hubert Seiwert
Internet Security Specialist, Westpoint Ltd
Albion Wharf, 19 Albion Street, Manchester M1 5LN, United Kingdom
Web: www.westpoint.ltd.uk
Tel: +44-161-2371028
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers