A flaw in the http-domino-enum-password NSE script for Nmap was discovered [1]. If this script was run with the non-default domino-enum-passwords.idpath parameter against a malicious server, it could cause an arbitrarily named file to be written to the client system with the permissions of the user running the nmap client. This was corrected in upstream version 6.40 [2] (svn r31576). This svn revision also updates a few other NSE scripts for extra safety.

[1] http://packetstormsecurity.com/files/122719/TWSL2013-025.txt
[2] http://nmap.org/changelog.html
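The defect class described in this comment (a scanner writing a file whose name comes from the scanned server, under a directory chosen by the user) is worth seeing side by side with its hardened form. The following is an added illustration, not code from nmap or its NSE library: `naive_join` shows why a plain path join lets the peer pick the destination, and `safe_join`/`is_confined` show the check a client should apply before any write. The helper names, the base directory `/srv/nmap-idpath` and the sample names are constructed for the example.

```python
"""Confining a peer-supplied file name to a fixed directory.

Added example (hypothetical helpers, not nmap code): `naive_join` is the
weak pattern, `safe_join` the hardened form, `triage` runs a batch of
names through the check.
"""
import os


class UnsafeFilename(ValueError):
    """Raised when a server-supplied name could escape the target directory."""


# Characters never accepted from a remote peer inside a file name.
_FORBIDDEN = {"/", "\\", "\x00"}


def naive_join(base_dir: str, name: str) -> str:
    """The weak pattern: os.path.join drops base_dir entirely when `name`
    is absolute, and does nothing about '..' components."""
    return os.path.join(base_dir, name)


def is_confined(base_dir: str, path: str) -> bool:
    """True if `path`, after symlink and '..' resolution, lies inside base_dir."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(path)
    try:
        return os.path.commonpath([base, target]) == base
    except ValueError:  # mixing absolute/relative or different drives
        return False


def safe_join(base_dir: str, name: str) -> str:
    """Hardened form: accept only a single plain path component, then verify
    the resolved path is still under base_dir before anything is written."""
    if not name or name in (".", "..") or len(name) > 255:
        raise UnsafeFilename(f"rejected name: {name!r}")
    if any(ch in _FORBIDDEN for ch in name):
        raise UnsafeFilename(f"separator or NUL in name: {name!r}")
    candidate = os.path.join(os.path.realpath(base_dir), name)
    # Belt and braces: the component filter above should already guarantee this.
    if not is_confined(base_dir, candidate):
        raise UnsafeFilename(f"escapes {base_dir}: {name!r}")
    return candidate


def triage(base_dir: str, names):
    """Run a batch of server-supplied names through safe_join.

    Returns {name: True if accepted, False if rejected}."""
    results = {}
    for n in names:
        try:
            safe_join(base_dir, n)
            results[n] = True
        except UnsafeFilename:
            results[n] = False
    return results


if __name__ == "__main__":
    # Constructed sample of names a malicious server could hand back.
    base = "/srv/nmap-idpath"
    sample = ["alice.id", "../../.bash_profile", "/etc/cron.d/job", "..", "ok\\evil"]
    for name, ok in triage(base, sample).items():
        verdict = "accept" if ok else "REJECT"
        print(f"{verdict:6} {name!r:24} naive join would write: {naive_join(base, name)}")
```

The point of `is_confined` is that it checks the resolved path, not the string: `realpath` collapses `..` and follows symlinks, so a name that looks harmless lexically but resolves elsewhere is still caught. Rejecting any separator outright (rather than stripping to a basename) fails closed, which is the right default when the other party is untrusted.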
Created attachment 785030: nmap r31576 patch
The svn patch that corrects this flaw and hardens a few other NSE scripts.
This did not affect the version of nmap in Red Hat Enterprise Linux 5 as it did not have support for NSE scripts.
Created nmap tracking bugs for this issue: Affects: fedora-all [bug 997739]
Statement: This did not affect the version of nmap as shipped with Red Hat Enterprise Linux 5, as it did not have support for NSE scripts. This issue affects the version of nmap as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw.
nmap-6.40-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
I'm willing to say we should wontfix this. If the customer has a reason to see this fixed, please let us know.
If you are using Qualys to scan your systems running Red Hat 6.x, then Qualys reports the systems are at risk with a severity rating of 3. Can RH discuss a release/update?
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days