Access via WMI not possible in docker container

[bellum07]

Hello,

it seems that the ospd-openvas docker container has a problem with wmi access to the scan target. In the openvas.log of the ospd-openvas container I see: lib nasl:MESSAGE:2023-08-11 13h19.59 utc:8012: nasl_wmi_connect: WMI Connect failed or missing WMI support for the scanner

When I launch root@ospd-openvas:/ospd-openvas# /usr/local/bin/wmic -d 7 -U DOMAIN/myScanUser%myPassword //10.10.10.10 "SELECT * FROM Win32_OperatingSystem" in the docker container I get:

[/source/samba/param/loadparm.c:587:init_globals()] Initialising global parameters
[/source/samba/param/loadparm.c:2464:lp_load()] lp_load: refreshing parameters from /usr/local/etc/openvas/openvas-smb.conf
[/source/samba/param/params.c:517:OpenConfFile()] params.c:OpenConfFile() - Unable to open configuration file "/usr/local/etc/openvas/openvas-smb.conf":
        No such file or directory
[/source/samba/param/loadparm.c:2473:lp_load()] pm_process() returned No
[/source/samba/param/loadparm.c:1344:lp_add_hidden()] adding hidden service IPC$
[/source/samba/param/loadparm.c:1344:lp_add_hidden()] adding hidden service ADMIN$
[/source/samba/auth/credentials/credentials_krb5.c:170:cli_credentials_set_ccache()] failed to get principal from default ccache: No such file or directory: get-principal lstat(/tmp/krb5cc_0)
[/source/samba/auth/gensec/gensec.c:1228:gensec_register()] GENSEC backend 'spnego' registered
[/source/samba/auth/gensec/gensec.c:1228:gensec_register()] GENSEC backend 'schannel' registered
[/source/samba/auth/auth.c:446:auth_register()] AUTH backend 'sam' registered
[/source/samba/auth/auth.c:446:auth_register()] AUTH backend 'sam_ignoredomain' registered
[/source/samba/auth/auth.c:446:auth_register()] AUTH backend 'name_to_ntstatus' registered
[/source/samba/auth/auth.c:446:auth_register()] AUTH backend 'fixed_challenge' registered
[/source/samba/auth/auth.c:446:auth_register()] AUTH backend 'winbind_samba3' registered
[/source/samba/auth/auth.c:446:auth_register()] AUTH backend 'winbind' registered
[/source/samba/auth/auth.c:446:auth_register()] AUTH backend 'anonymous' registered
[/source/samba/auth/gensec/gensec.c:1228:gensec_register()] GENSEC backend 'krb5' registered
[/source/samba/auth/gensec/gensec.c:1205:gensec_register()] gensec subsystem fake_gssapi_krb5 is disabled
[/source/samba/auth/gensec/gensec.c:1228:gensec_register()] GENSEC backend 'ntlmssp' registered
[/source/samba/auth/gensec/gensec.c:1205:gensec_register()] gensec subsystem gssapi_spnego is disabled
[/source/samba/auth/gensec/gensec.c:1228:gensec_register()] GENSEC backend 'gssapi_krb5' registered
[/source/samba/auth/gensec/gensec.c:1228:gensec_register()] GENSEC backend 'gssapi_krb5_sasl' registered
[/source/samba/lib/com/dcom/main.c:527:dcom_determine_rpc_binding()] Using binding ncacn_ip_tcp:m
[/source/samba/librpc/rpc/dcerpc_connect.c:513:continue_map_binding()] Mapped to DCERPC endpoint 135
[/source/samba/lib/util/util.c:334:interpret_addr()] sys_gethostbyname: Unknown host. m
[/source/samba/lib/socket/interface.c:103:add_interface()] added interface ip=172.19.0.7 nmask=255.255.0.0
[/source/samba/librpc/rpc/dcerpc_connect.c:329:dcerpc_pipe_connect_ncacn_ip_tcp_recv()] failed NT status (c00000b5) in dcerpc_pipe_connect_ncacn_ip_tcp_recv
[/source/samba/librpc/rpc/dcerpc_connect.c:790:dcerpc_pipe_connect_b_recv()] failed NT status (c00000b5) in dcerpc_pipe_connect_b_recv
[/source/wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT_STATUS_IO_TIMEOUT - NT_STATUS_IO_TIMEOUT
root@ospd-openvas:/ospd-openvas#

When I launch the same greenbone@vmgreenbone:~$ /usr/local/bin/wmic -d 7 -U DOMAIN/myScanUser%myPassword //10.10.10.10 "SELECT * FROM Win32_OperatingSystem" on a VM with openvas built from source I get:

[/home/greenbone/source/openvas-smb-22.5.3/samba/param/loadparm.c:587:init_globals()] Initialising global parameters
[/home/greenbone/source/openvas-smb-22.5.3/samba/param/loadparm.c:2464:lp_load()] lp_load: refreshing parameters from /usr/local/etc/openvas/openvas-smb.conf
[/home/greenbone/source/openvas-smb-22.5.3/samba/param/params.c:517:OpenConfFile()] params.c:OpenConfFile() - Unable to open configuration file "/usr/local/etc/openvas/openvas-smb.conf":
        No such file or directory
[/home/greenbone/source/openvas-smb-22.5.3/samba/param/loadparm.c:2473:lp_load()] pm_process() returned No
[/home/greenbone/source/openvas-smb-22.5.3/samba/param/loadparm.c:1344:lp_add_hidden()] adding hidden service IPC$
[/home/greenbone/source/openvas-smb-22.5.3/samba/param/loadparm.c:1344:lp_add_hidden()] adding hidden service ADMIN$
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/credentials/credentials_krb5.c:170:cli_credentials_set_ccache()] failed to get principal from default ccache: No such file or directory: get-principal lstat(/tmp/krb5cc_1000)
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/gensec/gensec.c:1228:gensec_register()] GENSEC backend 'spnego' registered
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/gensec/gensec.c:1228:gensec_register()] GENSEC backend 'schannel' registered
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/auth.c:446:auth_register()] AUTH backend 'sam' registered
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/auth.c:446:auth_register()] AUTH backend 'sam_ignoredomain' registered
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/auth.c:446:auth_register()] AUTH backend 'name_to_ntstatus' registered
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/auth.c:446:auth_register()] AUTH backend 'fixed_challenge' registered
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/auth.c:446:auth_register()] AUTH backend 'winbind_samba3' registered
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/auth.c:446:auth_register()] AUTH backend 'winbind' registered
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/auth.c:446:auth_register()] AUTH backend 'anonymous' registered
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/gensec/gensec.c:1228:gensec_register()] GENSEC backend 'krb5' registered
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/gensec/gensec.c:1205:gensec_register()] gensec subsystem fake_gssapi_krb5 is disabled
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/gensec/gensec.c:1228:gensec_register()] GENSEC backend 'ntlmssp' registered
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/gensec/gensec.c:1205:gensec_register()] gensec subsystem gssapi_spnego is disabled
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/gensec/gensec.c:1228:gensec_register()] GENSEC backend 'gssapi_krb5' registered
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/gensec/gensec.c:1228:gensec_register()] GENSEC backend 'gssapi_krb5_sasl' registered
[/home/greenbone/source/openvas-smb-22.5.3/samba/lib/com/dcom/main.c:527:dcom_determine_rpc_binding()] Using binding ncacn_ip_tcp:10.10.10.10
[/home/greenbone/source/openvas-smb-22.5.3/samba/librpc/rpc/dcerpc_connect.c:513:continue_map_binding()] Mapped to DCERPC endpoint 135
[/home/greenbone/source/openvas-smb-22.5.3/samba/lib/com/dcom/main.c:413:determine_rpc_binding_continue2()] dcerpc_ndr_request_recv returned NT_STATUS_OK
[/home/greenbone/source/openvas-smb-22.5.3/samba/lib/com/dcom/main.c:417:determine_rpc_binding_continue2()] IObjectExporter::ServerAlive returned NT_STATUS_OK
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/gensec/gensec.c:597:gensec_start_mech()] Starting GENSEC mechanism spnego
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/gensec/gensec.c:597:gensec_start_mech()] Starting GENSEC submechanism gssapi_krb5
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/gensec/gensec_gssapi.c:305:gensec_gssapi_client_start()] Cannot do GSSAPI to an IP address
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/gensec/gensec.c:605:gensec_start_mech()] Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/gensec/gensec.c:597:gensec_start_mech()] Starting GENSEC submechanism ntlmssp
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/ntlmssp/ntlmssp_client.c:128:ntlmssp_client_challenge()] Got challenge flags:
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/ntlmssp/ntlmssp.c:72:debug_ntlmssp_flags()] Got NTLMSSP neg_flags=0x62898205
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_CHAL_TARGET_INFO
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/ntlmssp/ntlmssp_client.c:242:ntlmssp_client_challenge()] NTLMSSP: Set final flags:
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/ntlmssp/ntlmssp.c:72:debug_ntlmssp_flags()] Got NTLMSSP neg_flags=0x60088205
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
[/home/greenbone/source/openvas-smb-22.5.3/samba/librpc/ndr/ndr_string.c:214:ndr_pull_string()] long string ''
[/home/greenbone/source/openvas-smb-22.5.3/samba/lib/com/dcom/main.c:567:complete_activation()] Negotiated COM version: 5.7 using binding ncacn_ip_tcp:10.10.10.10[135]
[/home/greenbone/source/openvas-smb-22.5.3/samba/lib/com/dcom/main.c:1171:bind_new_pipe()] /home/greenbone/source/openvas-smb-22.5.3/samba/lib/com/dcom/main.c:1171: dcom_get_pipe: host=10.10.10.10, similar=10.10.10.10[49788]
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/gensec/gensec.c:597:gensec_start_mech()] Starting GENSEC mechanism ntlmssp
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/ntlmssp/ntlmssp_client.c:128:ntlmssp_client_challenge()] Got challenge flags:
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/ntlmssp/ntlmssp.c:72:debug_ntlmssp_flags()] Got NTLMSSP neg_flags=0x62898215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_CHAL_TARGET_INFO
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/ntlmssp/ntlmssp_client.c:242:ntlmssp_client_challenge()] NTLMSSP: Set final flags:
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/ntlmssp/ntlmssp.c:72:debug_ntlmssp_flags()] Got NTLMSSP neg_flags=0x60088215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/ntlmssp/ntlmssp_sign.c:318:ntlmssp_sign_init()] NTLMSSP Sign/Seal - Initialising with flags:
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/ntlmssp/ntlmssp.c:72:debug_ntlmssp_flags()] Got NTLMSSP neg_flags=0x60088215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
[/home/greenbone/source/openvas-smb-22.5.3/samba/librpc/ndr/ndr_string.c:214:ndr_pull_string()] long string ''
[/home/greenbone/source/openvas-smb-22.5.3/wmi/wmic.c:196:main()] OK   : Login to remote object.
[/home/greenbone/source/openvas-smb-22.5.3/samba/librpc/ndr/ndr_string.c:214:ndr_pull_string()] long string ''
[/home/greenbone/source/openvas-smb-22.5.3/wmi/wmic.c:200:main()] OK   : WMI query execute.
[/home/greenbone/source/openvas-smb-22.5.3/samba/librpc/ndr/ndr_string.c:214:ndr_pull_string()] long string ''
[/home/greenbone/source/openvas-smb-22.5.3/wmi/wmic.c:203:main()] OK   : Reset result of WMI query.
[/home/greenbone/source/openvas-smb-22.5.3/samba/librpc/ndr/ndr_string.c:214:ndr_pull_string()] long string ''
[/home/greenbone/source/openvas-smb-22.5.3/samba/librpc/ndr/ndr_string.c:214:ndr_pull_string()] long string ''
[/home/greenbone/source/openvas-smb-22.5.3/samba/librpc/ndr/ndr_string.c:214:ndr_pull_string()] long string ''
[/home/greenbone/source/openvas-smb-22.5.3/wmi/wmic.c:212:main()] OK   : Retrieve result data.
CLASS: Win32_OperatingSystem
BootDevice|BuildNumber|BuildType|Caption|CodeSet|CountryCode|CreationClassName|CSCreationClassName|CSDVersion|CSName|CurrentTimeZone|DataExecutionPrevention_32BitApplications|DataExecutionPrevention_Available|DataExecutionPrevention_Drivers|DataExecutionPrevention_SupportPolicy|Debug|Description|Distributed|EncryptionLevel|ForegroundApplicationBoost|FreePhysicalMemory|FreeSpaceInPagingFiles|FreeVirtualMemory|InstallDate|LargeSystemCache|LastBootUpTime|LocalDateTime|Locale|Manufacturer|MaxNumberOfProcesses|MaxProcessMemorySize|MUILanguages|Name|NumberOfLicensedUsers|NumberOfProcesses|NumberOfUsers|OperatingSystemSKU|Organization|OSArchitecture|OSLanguage|OSProductSuite|OSType|OtherTypeDescription|PAEEnabled|PlusProductID|PlusVersionNumber|PortableOperatingSystem|Primary|ProductType|RegisteredUser|SerialNumber|ServicePackMajorVersion|ServicePackMinorVersion|SizeStoredInPagingFiles|Status|SuiteMask|SystemDevice|SystemDirectory|SystemDrive|TotalSwapSpaceSize|TotalVirtualMemorySize|TotalVisibleMemorySize|Version|WindowsDirectory
\Device\HarddiskVolume1|19044|Multiprocessor Free|Microsoft Windows 10 Pro|1252|49|Win32_OperatingSystem|Win32_ComputerSystem|(null)|JKW10HORE|120|True|True|True|2|False||False|256|2|2479160|715548|3104276|20220210150208.000000+060|0|20230907122453.500000+120|20230911170946.482000+120|0407|Microsoft Corporation|4294967295|137438953344|(de-DE)|Microsoft Windows 10 Pro|C:\Windows|\Device\Harddisk0\Partition3|0|98|5|48||64-Bit|1031|256|18|(null)|False|(null)|(null)|False|True|1|Microsoft|00330-80000-00000-AA107|0|0|720896|OK|272|\Device\HarddiskVolume3|C:\Windows\system32|C:|0|4914168|4193272|10.0.19044|C:\Windows
greenbone@vmgreenbone:~$

The difference is:

Docker:

[/source/samba/lib/com/dcom/main.c:527:dcom_determine_rpc_binding()] Using binding ncacn_ip_tcp:m
[/source/samba/librpc/rpc/dcerpc_connect.c:513:continue_map_binding()] Mapped to DCERPC endpoint 135
[/source/samba/lib/util/util.c:334:interpret_addr()] sys_gethostbyname: Unknown host. m
[/source/samba/lib/socket/interface.c:103:add_interface()] added interface ip=172.19.0.7 nmask=255.255.0.0
[/source/samba/librpc/rpc/dcerpc_connect.c:329:dcerpc_pipe_connect_ncacn_ip_tcp_recv()] failed NT status (c00000b5) in dcerpc_pipe_connect_ncacn_ip_tcp_recv
[/source/samba/librpc/rpc/dcerpc_connect.c:790:dcerpc_pipe_connect_b_recv()] failed NT status (c00000b5) in dcerpc_pipe_connect_b_recv

vs.

Native:

[/home/greenbone/source/openvas-smb-22.5.3/samba/lib/com/dcom/main.c:527:dcom_determine_rpc_binding()] Using binding ncacn_ip_tcp:10.10.10.10
[/home/greenbone/source/openvas-smb-22.5.3/samba/librpc/rpc/dcerpc_connect.c:513:continue_map_binding()] Mapped to DCERPC endpoint 135
[/home/greenbone/source/openvas-smb-22.5.3/samba/lib/com/dcom/main.c:413:determine_rpc_binding_continue2()] dcerpc_ndr_request_recv returned NT_STATUS_OK
[/home/greenbone/source/openvas-smb-22.5.3/samba/lib/com/dcom/main.c:417:determine_rpc_binding_continue2()] IObjectExporter::ServerAlive returned NT_STATUS_OK

To me it seems that wmic can’t connect to outside of the container but I don’t know the root cause. But I think this is a bug …

[cfi-gb]

The crucial difference between the not working wmic call on the docker container seems to be:

[/source/samba/lib/com/dcom/main.c:527:dcom_determine_rpc_binding()] Using binding ncacn_ip_tcp:m
[/source/samba/librpc/rpc/dcerpc_connect.c:513:continue_map_binding()] Mapped to DCERPC endpoint 135
[/source/samba/lib/util/util.c:334:interpret_addr()] sys_gethostbyname: Unknown host. m

vs. the working one on the VM:

[/home/greenbone/source/openvas-smb-22.5.3/samba/lib/com/dcom/main.c:527:dcom_determine_rpc_binding()] Using binding ncacn_ip_tcp:10.10.10.10
[/home/greenbone/source/openvas-smb-22.5.3/samba/librpc/rpc/dcerpc_connect.c:513:continue_map_binding()] Mapped to DCERPC endpoint 135

Note the difference between the IP in Using binding ncacn_ip_tcp:10.10.10.10 vs. the m in Using binding ncacn_ip_tcp:m.

Not sure though if this is actually an issue in the way wmic is build in the docker container, an issue in wmic itself (which is part of https://github.com/greenbone/openvas-smb) or something completely different.

But it doesn't look like an issue in the scanner itself so this is probably better moved over to https://github.com/greenbone/openvas-smb/issues

[bellum07]

But it doesn't look like an issue in the scanner itself so this is probably better moved over to https://github.com/greenbone/openvas-smb/issues

O.K. I thought this is the section for the openvas-scanner docker container itself ... Can you move this issue ticket over or do I have to create it new in https://github.com/greenbone/openvas-smb/issues ?

[cfi-gb]

Moving the issue can be done by the team / maintainers responsible for this repository (i don't have any permissions) and i would leave it up to them to decide where this issue belongs so IMHO no action required from your side :+1:

[bellum07]

O.K. Thank you very much 👍

[jjnicola]

To me it seems that wmic can’t connect to outside of the container but I don’t know the root cause. But I think this is a bug …

I was able to reproduce the issue and I agree. It is like wmic can't connect from the container.

[jjnicola]

Since it worked with my dev environment (Debian Bullseye - oldstable) but not in docker (Debian Bookworm - stable), I have checked the linked libraries in both systems and compared them. ldd /usr/local/bin/wmic | wc -l I found that wmic in the docker container links against 33 libraries, while in my system links against 34 libs. The missing lib is libresolv.so

Also, I tried this in another system with Debian testing (no docker container). It didn't work and also the link to libresolv.so is missing.

Finally, I locally built new ospd-openvas images but this time based on openvas-smb::oldstable-edge and openvas-scanner:oldstable-edge and running wmic from inside the container, it worked as expected.

root@bbb8610ce883:/# ldd /usr/local/bin/wmic |grep resolv
    libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 (0x00007f571c337000)

root@bbb8610ce883:/# wmic -U DOMAIN/USER%PASS //<TARGET IP>[sign] "SELECT name FROM Win32_ComputerSystem" 
CLASS: Win32_ComputerSystem
Name
WIN-U17FD12U4H6

So it is not a docker configuration issue (some missing capability, security option, etc) but a problem with the new base system.

For openvas-smb new stable image, beside the new Debian stable, a new library has been updated: libroken from v18 to v19. I am still not sure if this is the source. Not sure if this is the source of the problem, or the missing link to libresolv.so (included in glibc)

[jjnicola]

I have wildly replace libroken.so.19 symlink to point against to a copy/paste libroken.so.18 from my Debian Bullseye. Fortunatelly, it was not an issue, but the problem still persists. So, I can discard that the issue comes from libroken19_heimdal

$ sudo grep libroken.so /proc/*/maps
/proc/136848/maps:7f869f260000-7f869f265000 r--p 00000000 00:1a 15842576                   /tmp/libroken.so.18.1.0
/proc/136848/maps:7f869f265000-7f869f272000 r-xp 00005000 00:1a 15842576                   /tmp/libroken.so.18.1.0
/proc/136848/maps:7f869f272000-7f869f276000 r--p 00012000 00:1a 15842576                   /tmp/libroken.so.18.1.0
/proc/136848/maps:7f869f276000-7f869f277000 ---p 00016000 00:1a 15842576                   /tmp/libroken.so.18.1.0
/proc/136848/maps:7f869f277000-7f869f278000 r--p 00016000 00:1a 15842576                   /tmp/libroken.so.18.1.0
/proc/136848/maps:7f869f278000-7f869f279000 rw-p 00017000 00:1a 15842576                   /tmp/libroken.so.18.1.0

I can't realize why wmic is not linking against libresolv.so

[jjnicola]

@bellum07 could you provide please, version of libc you have installed in your system? (in the one it works)
e.g.:

$ dpkg -l |grep "GNU C L"
ii  glibc-source                             2.31-13+deb11u6                  all          GNU C Library: sources
ii  libc-bin                                 2.31-13+deb11u6                  amd64        GNU C Library: Binaries
ii  libc-dev-bin                             2.31-13+deb11u6                  amd64        GNU C Library: Developme

[bellum07]

Sure 😃

root@vmgreenbone:~# dpkg -l |grep "GNU C L"
ii  libc-bin                               2.35-0ubuntu3.1                         amd64        GNU C Library: Binaries
ii  libc-dev-bin                           2.35-0ubuntu3.1                         amd64        GNU C Library: Development binaries
ii  libc6:amd64                            2.35-0ubuntu3.1                         amd64        GNU C Library: Shared libraries
ii  libc6-dev:amd64                        2.35-0ubuntu3.1                         amd64        GNU C Library: Development Libraries and Header Files
ii  libc6-i386                             2.35-0ubuntu3.1                         amd64        GNU C Library: 32-bit shared libraries for AMD64
ii  locales                                2.35-0ubuntu3.1                         all          GNU C Library: National Language (locale) data [support]

Source compiled GVM on a Ubuntu 22.04.3 LTS VM

[cfi-gb]

There is a recent greenbone/openvas-smb#77 which seems to include some info that this might be originating from a different popt (libpopt) library version.