How can I patch (CVE-2011-1002)

So far, you’ve provided no context. None at all.

We know what nmap does and we can understand scripting. What we don’t understand is why you care.

I’ve run a suite of nmap commands on my website’s IP hosted here and I did not find mention of the CVE that you mentioned. Therefore, I think it is irrelevant.

Also, there’s no need to pointlessly pick on other forum members; it’s not needed and it’s not kind.

6 Likes

Here’s what I’ve figured out so far. The user is concerned about a vulnerability that is not possible on InfinityFree’s systems. A batch script is native to the Microsoft Windows platform and can only be executed on machines that are following the same infrastructure. If you are having problems with something that isn’t possible, that is not something we are able to fix. We run a web hosting company, not a batch script execution engine.

1 Like

Man, I understand you.

Let’s sum this thing up:

You scanned your website with this code / Windows batch:

And it says that your website has the

vulnerability.

This was a rather old exploit that lay in the operating systems. You should really blame iFastNet for using old kernel versions.

Since this is a DoS exploit (I assume it is similar to but smaller than DDoS), you should still be able to prevent this by getting your own domain and signing up for CloudFlare.

1 Like

The kernel has nothing to do with the CVE OP was mentioning.

Even a fork bomb is technically a DoS. If there is a code problem on the host of the website where you can cause a DoS without sending many packets to it, then CloudFlare cannot protect you from it.

6 Likes

Well, I was a noob at security :upside_down_face:

Don’t worry mate. If you’re not sure, ask AI a few questions. Never hurts to learn more!

1 Like

my favorite :smiley:

:(){ :|:& };:

I often run this when I’m bored just to watch the CPU usage :stuck_out_tongue:

6 Likes

Non-bash(zsh) users:
:sunglasses: :sunglasses: :sunglasses:

But these kinds of users are rare.

Changing all ":"s into some other things does indeed do the trick.

3 Likes

I locked up my phone using this :upside_down_face:

3 Likes

OK, so it appears my question was wrong. I assumed Nmap had script capabilities but you would still need to get scripts somewhere to check against the vulnerabilities. But it seems that the vuln script is included by Nmap by default.

I ran the test myself, but it didn’t find the specified CVE for me. I didn’t expect it to because - again - you don’t usually have Avahi on servers. And the port Avahi runs on, port 5353, is clearly not open on the website IP.

So why did Nmap say this vulnerability exists? My guess is that it wasn’t talking to your website in the first place. mDNS, which is the functionality Avahi provides, makes use of UDP broadcast packets on the local network. So when Nmap ran the test, it sent packets to all devices on your own network. So I suspect it found the vulnerability somewhere on your local network but incorrectly reported it as existing on your website.

The lesson to take away here is that CVEs and vulnerability scans are not sacred. A vulnerability being found does not make your website unsafe and no vulnerabilities being found doesn’t make it safe. And even when a CVE is found, you always need to check the CVE and see what it actually does and check it against your own case to see if it’s valid.

10 Likes
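
One way to run the check described in the post above, as an added example that is not part of the thread: this Python code splits nmap's normal output into pre-scan (broadcast) results and per-host results, so a CVE reported by a broadcast script is not read as a finding on the scanned website. The sample output and addresses are constructed, and it is an assumption that the report came from nmap's `broadcast-avahi-dos` script.

```python
import re

# Constructed sample of nmap normal output; not taken from the thread.
# Assumption: the report came from nmap's broadcast-avahi-dos script.
# Addresses are made up (private LAN range and a documentation range).
SAMPLE = """\
Pre-scan script results:
| broadcast-avahi-dos:
|   Discovered hosts:
|     192.168.1.23
|   After NULL UDP avahi packet DoS (CVE-2011-1002).
|   Hosts that seem down (vulnerable):
|_    192.168.1.23
Nmap scan report for example.test (203.0.113.10)
Host is up (0.12s latency).
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def triage(nmap_output, cve):
    """Return [(scope, [ips])] for each output section whose script lines mention cve.

    scope is "pre-scan" for broadcast/pre-scan scripts (these probe the
    scanner's own network) or the "Nmap scan report for" target string.
    """
    findings, scope, block = [], None, []

    def flush():
        # Close the current section and record it if its script output names the CVE.
        text = "\n".join(block)
        if cve in text:
            findings.append((scope, sorted(set(IPV4.findall(text)))))
        block.clear()

    for line in nmap_output.splitlines():
        if line.startswith("Pre-scan script results:"):
            flush()
            scope = "pre-scan"
        elif line.startswith("Nmap scan report for "):
            flush()
            scope = line[len("Nmap scan report for "):]
        elif line.startswith("|"):  # script output lines start with "|" or "|_"
            block.append(line)
    flush()
    return findings

if __name__ == "__main__":
    for scope, ips in triage(SAMPLE, "CVE-2011-1002"):
        print(f"{scope}: CVE-2011-1002 reported for {ips}")
```

A finding whose scope is `pre-scan` concerns hosts on the scanner's own network; only findings under a target's own scan report apply to that target.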
