BugTraq
NASL 'Split' function Buffer overflow Vulnerability Apr 25 2006 07:51AM
OS2A BTO (os2a bto gmail com) (1 replies)
Re: NASL 'Split' function Buffer overflow Vulnerability Apr 25 2006 05:09PM
Renaud Deraison (deraison nessus org) (1 replies)

On Apr 25, 2006, at 3:51 AM, OS2A BTO wrote:
>
> We have discovered a vulnerability in libnasl of Nessus which can
> cause Denial of Service. We have attached the advisory which details
> the vulnerability and also has the fix. A patch for libnasl 2.2.4 is
> included.

Contrary to what the full advisory hints, this issue is NOT
exploitable.

On Nessus 2, the program is killed via abort(), on Nessus 3, a
segfault occurs due to an attempt to read an invalid location of the
memory (this location is not user-controlled).

There is a denial of service, though. However, the only way to
exploit it would be to load a rogue plugin in nessusd, which is
difficult since the plugin downloads are cryptographically signed.

The out-of-memory / bad pointer dereference condition will
nevertheless be addressed in Nessus 2.2.8 / 3.0.3.

-- Renaud

ps: OS2A did not contact us prior to releasing this misleading
advisory. So much for 'responsible disclosure'.

Re: NASL 'Split' function Buffer overflow Vulnerability Apr 25 2006 05:20PM
Renaud Deraison (deraison nessus org)
Copyright 2010, SecurityFocus