[foofus-tools] Medusa SSH Module Issue
jmk
jmk at foofus.net
Wed Aug 20 09:13:24 PDT 2008
On Wed, 2008-08-20 at 10:38 -0400, Nathan Grandbois wrote:
> Synopsis:
> Medusa SSH scanning module fails after 3 login attempts with the
> following error:
> ERROR: Failed to retrieve supported authentication modes. Aborting...
> ERROR: No supported authentication methods located.
<snip>
> Conclusions:
> IMHO I think that the thread responsible for reconnecting is failing.
> Coincidentally, the number of failed attempts tried by medusa, is equal
> to the number of failed attempts if done manually. I have googled and
> googled for hints on this, but the only one I get is from some guy in
> spanish who said it was a stupid problem that he fixed, without actually
> giving the fix.
>
> Please, any help would be greatly appreciated.
I've attached a patch with the changes since v1.4 was released. The
module should now restart the connection when the server tells it to go
away after a few failed attempts. Please let me know if this fixes the
problem for you.
> PS> In addition, if I put a successful password in the first three
> passwords attempted, medusa takes a dump with the following error:
> *** glibc detected *** medusa: double free or corruption (!prev):
> 0x0805aff0 ***
> Followed by a backtrace and memory map.
It seems that starting with libssh2 0.18, we're occasionally getting a
double free. As a quick fix/hack, I had just commented out the free() in
LIBSSH2_FREE_FUNC. The attached patch contains this hack. If that
doesn't fix the issue, send me a backtrace and I'll take a look at it.
Joe
More information about the foofus-tools
mailing list