
Re: NASL 'Split' function Buffer overflow Vulnerability
From: Renaud Deraison <deraison () nessus org>
Date: Tue, 25 Apr 2006 13:09:28 -0400

On Apr 25, 2006, at 3:51 AM, OS2A BTO wrote:

We have discovered a vulnerability in libnasl of Nessus which can cause Denial of Service. We have attached the advisory which details the vulnerability and also has the fix. A patch for libnasl 2.2.4 is included.

At the opposite of what the full advisory hints, this issue is NOT exploitable.

On Nessus 2, the program is killed via abort(), on Nessus 3, a segfault occurs due to an attempt to read an invalid location of the memory (this location is not user-controlled).

There is a denial of service, though. However, the only way to exploit it would be to load a rogue plugin in nessusd, which is difficult since the plugin downloads are cryptographically signed.

The out-of-memory / bad pointer dereference condition will nevertheless be addressed in Nessus 2.2.8 / 3.0.3.

                                -- Renaud

ps: OS2A did not contact us prior to releasing this misleading advisory. So much for 'responsible disclosure'.
