Bug 862577
Summary: | Can not scan https / ssl in 2.1.5-2 | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Kjetil Nygård <polpot78> | ||||
Component: | nikto | Assignee: | Huzaifa S. Sidhpurwala <huzaifas> | ||||
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 17 | CC: | huzaifas, paul, ppisar, rebus | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2012-12-20 15:21:08 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | 862937 | ||||||
Bug Blocks: | |||||||
Attachments: |
|
Description
Kjetil Nygård
2012-10-03 09:36:52 UTC
Created attachment 620751 [details]
New nikto.spec file
Figured out that the problem is that Nikto uses a modified version of LW2.pm.
Therefore modified the spec-file. (Attached.)
Should also remove the "nikto-libwhisker2.patch" file.
Hello Kjetil, this is against the pakaging guidelines to use embedded libraries. If possible we should have one libwhisker in the system. That is the reason why there was some libwhisker2 patch in the first place. Simple commenting out the line works, but is indeed somehow greedy in resources. #set SSL Engine #LW2::init_ssl_engine($CONFIGFILE{'LW_SSL_ENGINE'}); I would say it is libwhisker which should be patched or maybe even the Net:SSLey, if it is really the one who leaks. There seems to be some more thing on the other hand some more issue which needs attention. With this release all db_* files moved from /usr/share/nikto/plugins to /usr/share/nikto/database. Michal Ambroz I just confirmed the memory leak is really there. The memory leak in Net::SSleay is best demonstrated on a ssl server, which takes long to response. Using the libwhisker from nikto2 using Net::SSL would be running ok (cca 30M of memory), but using the system libwhisker Some more info: http://attrition.org/pipermail/nikto-discuss/2008-April/000032.html but using system libwhisker - the Net::SSLeay is preffered and it quickly eats all the memory (2Gigs in less than minute scanning single host) nikto-2.1.5-3.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/nikto-2.1.5-3.fc17 Package nikto-2.1.5-3.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing nikto-2.1.5-3.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-15415/nikto-2.1.5-3.fc17 then log in and leave karma (feedback). nikto-2.1.5-3.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report. |