smb-vuln-ms17-010: handle error when the SMB connection is reset #1254

wants to merge 1 commit into


None yet
1 participant

The HIPS feature of Symantec Endpoint Protection resets the SMB connection when trying to scan for MS17-010.
This was not handled by the code and led to the following wrong message:

Host script results:
|_smb-vuln-ms17-010: Unexpected SMB response:4f525245

We can see that "4f525245" is hex for "ERR". Indeed the return code from smb.smb_read is not checked and the code tries to parse smb_header as a header, whereas in this case it contains an error message.
I copied the code from a few lines above to properly handle the case where the connection is reset.

The result is now:

Host script results:
|_smb-vuln-ms17-010: SMB: ERROR: Server disconnected the connection

Which is hopefully more clear!

@nmap-bot nmap-bot closed this in 6e5e947 Jun 28, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment