Nmap ftp-libopie NSE Script
This page contains detailed information about how to use the ftp-libopie NSE script. For a list of all NSE scripts, visit the Nmap NSE Library.
Script Overview
Script source code: https://github.com/nmap/nmap/tree/master/scripts/ftp-libopie.nse
Script categories: vuln, intrusive
Target service / protocol: ftp
Target network port(s): 21
List of CVEs: CVE-2010-1938
Script Description
The ftp-libopie.nse script checks if an FTPd is prone to CVE-2010-1938 (OPIE off-by-one stack overflow), a vulnerability discovered by Maksymilian Arciemowicz and Adam "pi3" Zabrocki. See the advisory at https://nmap.org/r/fbsd-sa-opie. Be advised that, if launched against a vulnerable host, this script will crash the FTPd.
Ftp-libopie NSE Script Arguments
This is a full list of arguments supported by the ftp-libopie.nse script:
vulns.short
If set, vulnerabilities will be output in short format, a single line consisting of the host's target name or IP, the state, and either the CVE ID or the title of the vulnerability. Does not affect XML output.
vulns.showall
If set, the library will show and report all the registered vulnerabilities, including the NOT VULNERABLE ones. By default the library will only report the VULNERABLE entries: VULNERABLE, LIKELY VULNERABLE, VULNERABLE (DoS) and VULNERABLE (Exploitable). This argument affects the following functions:
- vulns.Report.make_output(): the default output function for portrule/hostrule scripts.
- vulns.make_output(): the default output function for postrule scripts.
- vulns.format_vuln() and vulns.format_vuln_table() functions.
- - -
To use these script arguments, add them to the Nmap command line using the --script-args arg1=value,[arg2=value,..] syntax. For example:
nmap --script=ftp-libopie --script-args vulns.short=value,vulns.showall=value <target>
Ftp-libopie NSE Script Example Usage
Here's an example of how to use the ftp-libopie.nse script:
nmap --script=ftp-libopie <target>
Ftp-libopie NSE Script Example Output
Here's a sample output from the ftp-libopie.nse script:
PORT STATE SERVICE
21/tcp open ftp
| ftp-libopie:
| VULNERABLE:
| OPIE off-by-one stack overflow
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2010-1938 BID:40403
| Risk factor: High CVSSv2: 9.3 (HIGH) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
| Description:
| An off-by-one error in OPIE library 2.4.1-test1 and earlier, allows remote
| attackers to cause a denial of service or possibly execute arbitrary code
| via a long username.
| Disclosure date: 2010-05-27
| References:
| http://site.pi3.com.pl/adv/libopie-adv.txt
| http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc
| https://www.securityfocus.com/bid/40403
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1938
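For triage, a report like the one above can be reduced to one record per finding, separating the states the vulns library reports by default from NOT VULNERABLE entries that appear only with vulns.showall. This is an added example, not code from the original page or the Nmap project; it assumes Nmap's usual indentation in normal (-oN) output, and parse_findings, the sample text and the 192.0.2.x addresses are constructed for illustration.

```python
import re

# Constructed -oN style sample modelled on the page's output; 192.0.2.x are
# documentation addresses. The second host assumes vulns.showall was set.
SAMPLE = """\
Nmap scan report for 192.0.2.10
PORT   STATE SERVICE
21/tcp open  ftp
| ftp-libopie:
|   VULNERABLE:
|   OPIE off-by-one stack overflow
|     State: LIKELY VULNERABLE
|     IDs:  CVE:CVE-2010-1938  BID:40403
|_    Disclosure date: 2010-05-27
Nmap scan report for 192.0.2.11
PORT   STATE SERVICE
21/tcp open  ftp
| ftp-libopie:
|   NOT VULNERABLE:
|   OPIE off-by-one stack overflow
|     State: NOT VULNERABLE
|_    IDs:  CVE:CVE-2010-1938  BID:40403
"""

# States reported by default, per the vulns.showall description.
ACTIONABLE = {"VULNERABLE", "LIKELY VULNERABLE",
              "VULNERABLE (DoS)", "VULNERABLE (Exploitable)"}
HOST_RE = re.compile(r"^Nmap scan report for (.+)$")
PORT_RE = re.compile(r"^(\d+/(?:tcp|udp))\s")
SCRIPT_RE = re.compile(r"^\|[_ ]([\w-]+):")  # "| name:" opens a script block

def parse_findings(text, script="ftp-libopie"):
    """Return one dict per vulnerability entry reported by `script`."""
    out, host, port, active, prev = [], None, None, False, ""
    for line in text.splitlines():
        if m := HOST_RE.match(line):
            host, active = m.group(1), False
        elif m := PORT_RE.match(line):
            port, active = m.group(1), False
        elif m := SCRIPT_RE.match(line):
            active, prev = m.group(1) == script, ""
        elif active and line.startswith("|"):
            body = line[2:].strip()
            if body.startswith("State:"):     # the title is the line just above
                state = body[6:].strip()
                out.append({"host": host, "port": port, "title": prev, "state": state,
                            "ids": {}, "actionable": state in ACTIONABLE})
            elif body.startswith("IDs:") and out:
                out[-1]["ids"] = dict(t.split(":", 1) for t in body[4:].split())
            prev = body
    return out
```

Filtering the returned list on the actionable key gives the hosts that need patching or follow-up, regardless of whether vulns.showall was used for the scan.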
Ftp-libopie NSE Script Example XML Output
There is no sample XML output for this module. However, by providing the -oX <file> option, Nmap will produce an XML output and save it in the file.xml file.
Author
- Ange Gutek
References
- https://nmap.org/nsedoc/scripts/ftp-libopie.html
- https://github.com/nmap/nmap/tree/master/scripts/ftp-libopie.nse
- https://nmap.org/r/fbsd-sa-opie
- http://site.pi3.com.pl/adv/libopie-adv.txt
- http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc
- https://www.securityfocus.com/bid/40403
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1938
See Also
Related NSE scripts to the ftp-libopie.nse script:
- ftp-anon.nse
- ftp-bounce.nse
- ftp-brute.nse
- ftp-proftpd-backdoor.nse
- ftp-syst.nse
- ftp-vsftpd-backdoor.nse
- ftp-vuln-cve2010-4221.nse
Visit Nmap NSE Library for more scripts.
Version
This page has been created based on Nmap version 7.92.