Ubuntu

Nmap package missing lua libraries, also doesn't look in debian locations

Reported by spinkham on 2008-10-23
84
This bug affects 11 people
Affects Status Importance Assigned to Milestone
nmap
Fix Committed
Unknown
nmap (Ubuntu)
Medium
Unassigned

Bug Description

"nmap -A example.com" fails on hosts that find a HTTP(S) port due to missing LUA libraries.
Problem found in package nmap-4.62-1ubuntu1.
nmap should either include the necessary lua libraries like they do for the scripts of previous versions(in the/usr/share/nmap/nselib and /usr/lib/nmap/nselib-bin directories) or depend on the necessary lua libs and modify nmap to look in the debian locations.

Relevant output from the program, first run(after fixing this missing library, it asks for about 5 more before you're done):

LUA INTERPRETER in nse_init.cc:763: /usr/share/nmap/scripts/robots.nse:4: module 'http' not found:
 no field package.preload['http']
 no file '/usr/share/nmap/nselib/http.lua'
 no file './http.lua'
 no file '/usr/local/share/lua/5.1/http.lua'
 no file '/usr/local/share/lua/5.1/http/init.lua'
 no file '/usr/local/lib/lua/5.1/http.lua'
 no file '/usr/local/lib/lua/5.1/http/init.lua'
 no file '/usr/lib/nmap/nselib-bin/http.so'
 no file './http.so'
 no file '/usr/local/lib/lua/5.1/http.so'
 no file '/usr/local/lib/lua/5.1/loadall.so'
SCRIPT ENGINE: Aborting script scan.

Jonathan Davies (jpds) wrote :

Hello,

This bug is being worked on in Debian and shall follow into Ubuntu in the Jaunty release. I have uploaded a fixed package to mentors.debian.net and it is currently awaiting upload.

Thanks,
Jonathan

Changed in nmap:
importance: Undecided → Medium
status: New → Confirmed
Claudio Moretti (flyingstar16) wrote :

Confirmed on Intrepid 8.10

Kyle M Weller (kylew) wrote :

I confirm this in Jaunty:
SCRIPT ENGINE: Initiating script scanning.
SCRIPT ENGINE: error while initializing script rules:
/usr/share/nmap/scripts/dns-test-open-recursion.nse:12: module 'comm' not found:
 no field package.preload['comm']
 no file '/usr/share/nmap/nselib/comm.lua'
 no file './comm.lua'
 no file '/usr/local/share/lua/5.1/comm.lua'
 no file '/usr/local/share/lua/5.1/comm/init.lua'
 no file '/usr/local/lib/lua/5.1/comm.lua'
 no file '/usr/local/lib/lua/5.1/comm/init.lua'
 no file '/usr/lib/nmap/nselib-bin/comm.so'
 no file './comm.so'
 no file '/usr/local/lib/lua/5.1/comm.so'
 no file '/usr/local/lib/lua/5.1/loadall.so'
stack traceback:
 [C]: in function 'require'
 /usr/share/nmap/scripts/dns-test-open-recursion.nse:12: in main chunk
 [C]: ?
 [C]: in function 'Entry'
 /usr/share/nmap/scripts/script.db:1: in main chunk
 [C]: ?
 [C]: ?

SCRIPT ENGINE: Aborting script scan.

whoop (tiredandnumb) wrote :

From reading the comments above I get the idea that this bug will not be fixed for current LTS and Intrepid. Is this correct? I hope not.

Claudio Moretti (flyingstar16) wrote :

Until someone's assigned to this bug, it's impossible that it gets fixed, sorry..

N4 (gnupglinux) wrote :

@ Claudio Of course you can fix it, download the latest Build of NMAP from fyodors site, current build is Nmap 4.85BETA7

Then just configure and make from source (as root).. Install over the old package & lua is all working again!

N4 (gnupglinux) wrote :

Broken packages are not the end of the world, I find downloading them from the source tree instead of waiting for someone to fix the problem in the debian repo, is sometimes a far quicker solution to the problem at hand.

Claudio Moretti (flyingstar16) wrote :

But that's NOT a fix.
People who are not so skilled in using Ubuntu, don't even know what a terminal is, because they never use it.
Actually, I am compiling day-by-day the latest SVN revision in Jaunty, but this is because I am able to; what do you think a person who never compiled sources will understand about "just configure and make from source (as root)"?
This need to be fixed in repos, users must be able to use nmap without compiling sources or tricking in any way...

N4 (gnupglinux) wrote :

If they have no experience of compiling the package then it'll be a good learning experience for them.. Not every package in existence is listed in the repository. For example aircrack-ng, is also missing various options because its not up-to date with the current build, it's current @ Rc3 but in the repository it's still hinging at Rc1.. which is almost ancient.

If they dont keep up to date with the builds then of course something is going to break and need fixing!

spinkham (steve-pinkham) wrote :

This is the bug tracker for the Ubuntu nmap package.
Please take all discussion of the merits of distribution packaging vs DIY to a different location, as they are orthogonal to this bug.
Thank you.

N4 (gnupglinux) wrote :

Dear Spink,

Sorry I thought GNU/Linux was supposed to be better than Microsoft with regards to important updates, but of course if the /developers can't stay current with important stuff like OpenSSH (5.1 instead of 5.2) ClamAV 0.94 newest scanning engine 0.95 and by the time we all get it, ClamAV will be probably be version 0.96! If their too busy playing with new stuff like Jaunty, then of course, when some script kiddie has buried himself deep into their servers, they can all sit around and scratch their heads wondering how it happened, whilst they have let the package maintainers & dependencies slip slowly downstream. Pure negligence. If using Linux has taught me anything, it's simply that you do not sit around waiting for something bad to happen till it's too late!

Claudio Moretti (flyingstar16) wrote :

I suggest you to ask for a place with Ubuntu Developers, so you will be able to update personally those packages and to guarantee to every Ubuntu user that their packages are up-to-date. During this, you may discover that software must be tested, before release, and that, in order to provide the best for your customers, sometimes you must stick to old-but-heavily-tested software, instead of running towards a beta that may contain dangerous code.

Changed in nmap:
status: Unknown → Fix Committed
Dave Walker (davewalker) wrote :

I'm marking this as Fix Released as it is fixed in at least the two previous releases, and the development version. If this is still an issue on Hardy, can someone update the bug accordingly.

Thanks

Changed in nmap (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.