Nessus NASL scripting engine security issues - Patch - https://www.linuxadvisory.com

Nessus NASL scripting engine security issues
	Author: Ravish Ahuja Added: 05/24/2003 Type: Advisory Viewed: 122 time(s) [ Not Rated Yet ]	Printable Version

Patch

Afftected
Linux RedHat 7.2

$ nasl -v | grep nasl
nasl 2.0.5

Vendor Status
New nessus 2.0.6 packages fixes these issues.

Workaround
Make sure the option 'plugins_upload' is set to 'no' in nessusd.conf and
don't run unstrusted nasl scripts.

Credits
Hank Leininger <[email protected]> requested the source code audit
for some opensource projects and for nessus in particular.

Sir Mordred <[email protected]> discovered the issues.

Renaud Deraison <[email protected]> fixed them in an hour after being
notified.

Article Pages: � Prev | 1 | 2 | 3

How would you rate this article: Bad Good Go �

Channels

Recent Advisories

Acroread 5.0.7 buffer overflow

NetMeeting Directory Traversal Vulnerability

Windows Media Services Remote Command Execution #2

BRS WebWeaver Error Page Cross-Site Scripting Vulnerability

Symantec Security Check ActiveX Buffer Overflow

Authentication Vulnerability in NetScreen ScreenOS

Multiple vulnerabilities in Tutos

pMachine (PHP) : Include() Security Hole

Bug found in: Polymorph 0.4.0

Nessus NASL scripting engine security issues

Current Discussions

well i m using my old account that is smartass

smartass is back with a new id smarty

wired banks in india

Happy Birthday Telos

editing explorer.exe

changing your startup and shutdown screens

Linux Configuration

Affiliates

� Copyright Linux Advisory 2003. All rights reserved.
We are not responsible for the comment and story contributed by users.