broadcast-avahi-dos vuln error and potential workaround #2841

Open
mdsandell opened this issue May 15, 2024 · 0 comments
@mdsandell
Describe the bug
Failure running vuln test. Not critical, as vuln continues with other checks, but any results from broadcast-avahi-dos are lost:

NSE: broadcast-avahi-dos threw an error!
/usr/local/bin/../share/nmap/nselib/dnssd.lua:70: attempt to index a nil value (field 'name')
stack traceback:
	/usr/local/bin/../share/nmap/nselib/dnssd.lua:70: in function </usr/local/bin/../share/nmap/nselib/dnssd.lua:67>
	[C]: in function 'table.sort'
	/usr/local/bin/../share/nmap/nselib/dnssd.lua:382: in method 'queryServices'
	.../local/bin/../share/nmap/scripts/broadcast-avahi-dos.nse:59: in function <.../local/bin/../share/nmap/scripts/broadcast-avahi-dos.nse:54>
	(...tail calls...)

To Reproduce
On MacOS 12.6.8, in the Terminal, running nmap 7.94 or 7.95:

    nmap --script vuln --webxml -oX example.xml 10.1.2.3

Expected behavior
I'm far from an nmap expert and this is my first time even testing "vuln," but obviously you want the test to finish with as much info as possible.

Version info (please complete the following information):

  • OS: MacOS 12.6.8
  • Output of nmap --version: Nmap version 7.95 ( https://nmap.org ) Platform: x86_64-apple-darwin21.6.0 Compiled with: nmap-liblua-5.4.6 openssl-3.0.13 nmap-libssh2-1.11.0 libz-1.3.1 nmap-libpcre2-10.43 nmap-libpcap-1.10.4 nmap-libdnet-1.12 ipv6 Compiled without: Available nsock engines: kqueue poll select (also tested with 7.94)
  • Output of nmap --iflist: I'd rather not for internal security purposes. Apologies if this is truly necessary and makes it harder to debug.

Additional context
I'm not sure if it's appropriate or not, but one simple workaround is to modify /usr/local/bin/../share/nmap/nselib/dnssd.lua, lines 70 and 71, to check for the name key being nil, like so:

    local port_a = a.name ~= nil and (a.name:match("^(%d+)") or 999999) or 999999
    local port_b = b.name ~= nil and (b.name:match("^(%d+)") or 999999) or 999999

This allows the test to complete again, but whether it only serves to mask a larger problem, I'm unaware. I imagine this nil crash stems from adding the empty table on line 368 in the same dnssd.lua file:

    ipsvctbl[r.peer] = ipsvctbl[r.peer] or {}
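An added, stand-alone reproduction of the comparator failure described above (example code, not from nmap's dnssd.lua or from the reporter): it runs `table.sort` over constructed service records, one of which lacks a `name` field, first with an unguarded comparator and then with the nil-guarded one. The record shape and the unguarded comparator body are assumptions modelled on the two quoted lines, not the real library code.

```lua
-- Constructed sample records, shaped like the per-service tables a
-- dnssd-style collector might build. The third one is an empty table,
-- i.e. a record with no "name" field, which is the case behind the
-- "attempt to index a nil value (field 'name')" traceback.
local services = {
  { name = "80/tcp http" },
  { name = "22/tcp ssh" },
  { },
  { name = "5353/udp mdns" },
}

-- Assumed shape of the unguarded comparator: it indexes a.name and
-- b.name unconditionally, so a record without a name raises an error
-- from inside table.sort.
local function by_port_unsafe(a, b)
  local port_a = a.name:match("^(%d+)") or 999999
  local port_b = b.name:match("^(%d+)") or 999999
  return tonumber(port_a) < tonumber(port_b)
end

-- Nil-guarded comparator using the two lines from the workaround above:
-- a record with no name gets the sentinel 999999 and sorts last. Both
-- missing-name records compare equal, so the ordering stays consistent
-- and table.sort does not complain about an invalid order function.
local function by_port_safe(a, b)
  local port_a = a.name ~= nil and (a.name:match("^(%d+)") or 999999) or 999999
  local port_b = b.name ~= nil and (b.name:match("^(%d+)") or 999999) or 999999
  return tonumber(port_a) < tonumber(port_b)
end

-- Sort a shallow copy under pcall so a comparator error is reported
-- rather than aborting the script, mirroring how NSE reports the error.
local function try_sort(list, cmp)
  local copy = {}
  for i, rec in ipairs(list) do copy[i] = rec end
  local ok, err = pcall(table.sort, copy, cmp)
  return ok, err, copy
end

local ok, err = try_sort(services, by_port_unsafe)
print("unguarded comparator ok?", ok, err)

local ok2, _, sorted = try_sort(services, by_port_safe)
print("guarded comparator ok?", ok2)
for _, rec in ipairs(sorted) do
  -- The nameless record survives the sort but carries no service info,
  -- which is why the workaround may hide, rather than fix, the root cause.
  print(rec.name or "<record without name>")
end
```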

@mdsandell mdsandell added the Nmap label May 15, 2024