News Register Control Panel Private Messages Members List Team Search News Posts About Us
 

Nessus NASL scripting engine security issues
  Author: Ravish Ahuja
Added: 05/24/2003
Type: Advisory
Viewed: 122 time(s)
[ Not Rated Yet ]
Patch

Afftected
Linux RedHat 7.2

$ nasl -v | grep nasl
nasl 2.0.5

Vendor Status
New nessus 2.0.6 packages fixes these issues.

Workaround
Make sure the option 'plugins_upload' is set to 'no' in nessusd.conf and
don't run unstrusted nasl scripts.

Credits
Hank Leininger <[email protected]> requested the source code audit
for some opensource projects and for nessus in particular.

Sir Mordred <[email protected]> discovered the issues.

Renaud Deraison <[email protected]> fixed them in an hour after being
notified.


Article Pages:   Prev | 1 | 2 | 3  




How would you rate this article:    Bad Good   Go  

 Channels

 Recent Advisories
 Acroread 5.0.7 buffer overflow
 NetMeeting Directory Traversal Vulnerability
 Windows Media Services Remote Command Execution #2
 BRS WebWeaver Error Page Cross-Site Scripting Vulnerability
 Symantec Security Check ActiveX Buffer Overflow
 Authentication Vulnerability in NetScreen ScreenOS
 Multiple vulnerabilities in Tutos
 pMachine (PHP) : Include() Security Hole
 Bug found in: Polymorph 0.4.0
 Nessus NASL scripting engine security issues

 Current Discussions
well i m using my old account that is smartass
smartass is back with a new id smarty
wired banks in india
+Desktops +
Squid + NT 4
Happy Birthday Telos
editing explorer.exe
changing your startup and shutdown screens
Linux Configuration
linux iso many

 Affiliates



Copyright Linux Advisory 2003. All rights reserved.
We are not responsible for the comment and story contributed by users.