[foofus-tools] Medusa Patch
Richard Layton
rlayton at gmail.com
Thu Dec 4 17:51:27 PST 2008
I found this in the mailing list archives. Does anyone still have this
patch?
-Rich
>From jmk at foofus.net Wed Aug 20 09:13:24 2008
From: jmk at foofus.net (jmk)
Date: Wed, 20 Aug 2008 11:13:24 -0500
Subject: [foofus-tools] Medusa SSH Module Issue
In-Reply-To: <48AC2C55.7010300 at microsolved.com>
References: <48AC2C55.7010300 at microsolved.com>
Message-ID: <1219248804.8156.10.camel at localhost>
On Wed, 2008-08-20 at 10:38 -0400, Nathan Grandbois wrote:
> Synopsis:
> Medusa SSH scanning module fails after 3 login attempts with the
> following error:
> ERROR: Failed to retrieve supported authentication modes. Aborting...
> ERROR: No supported authentication methods located.
<snip>
> Conclusions:
> IMHO I think that the thread responsible for reconnecting is failing.
> Coincidentally, the number of failed attempts tried by medusa, is equal
> to the number of failed attempts if done manually. I have googled and
> googled for hints on this, but the only one I get is from some guy in
> spanish who said it was a stupid problem that he fixed, without actually
> giving the fix.
>
> Please, any help would be greatly appreciated.
I've attached a patch with the changes since v1.4 was released. The
module should now restart the connection when the server tells it to go
away after a few failed attempts. Please let me know if this fixes the
problem for you.
> PS> In addition, if I put a successful password in the first three
> passwords attempted, medusa takes a dump with the following error:
> *** glibc detected *** medusa: double free or corruption (!prev):
> 0x0805aff0 ***
> Followed by a backtrace and memory map.
It seems that starting with libssh2 0.18, we're occasionally getting a
double free. As a quick fix/hack, I had just commented out the free() in
LIBSSH2_FREE_FUNC. The attached patch contains this hack. If that
doesn't fix the issue, send me a backtrace and I'll take a look at it.
Joe
More information about the foofus-tools
mailing list