Nessus LibNASL任意代码执行漏洞

漏洞信息详情

Nessus LibNASL任意代码执行漏洞

• CNNVD编号：CNNVD-200306-077
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2003-0373
  
• 漏洞类型：
  
  
  缓冲区溢出
  
• 发布时间：
  
  2003-06-16
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2007-03-30
  
• 厂        商：
  
  nessus
• 漏洞来源：
  .’);”>The discovery of t…

Nessus 2.0.6版本libnasl存在多个缓冲区溢出漏洞。具有插件上传特权的本地用户借助（1）scanner_add_port函数的超长proto参数，（2）ftp_log_in函数的超长user参数，（3）ftp_log_in函数的超长pass参数导致服务拒绝（内存转储）并可能执行任意代码。

This issue has been addressed in Nessus 2.0.6. Users are advised to upgrade as soon as possible.
Gentoo has released advisory 200305-10. Vulnerable users are advised to perform the following commands:
emerge sync
emerge nessus
emerge clean
Nessus Nessus 2.0

• Nessus Nessus 2.0.6
  
  http://www.nessus.org/nessus_2_0.html

Nessus Nessus 2.0.1

• Nessus Nessus 2.0.6
  
  http://www.nessus.org/nessus_2_0.html

Nessus Nessus 2.0.2

• Nessus Nessus 2.0.6
  
  http://www.nessus.org/nessus_2_0.html

Nessus Nessus 2.0.3

• Nessus Nessus 2.0.6
  
  http://www.nessus.org/nessus_2_0.html

Nessus Nessus 2.0.4

• Nessus Nessus 2.0.6
  
  http://www.nessus.org/nessus_2_0.html

Nessus Nessus 2.0.5

• Nessus Nessus 2.0.6
  
  http://www.nessus.org/nessus_2_0.html

来源: BUGTRAQ
名称: 20030522 Potential security vulnerability in Nessus
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=105364059803427&w=2

来源: BID
名称: 7664
链接:http://www.securityfocus.com/bid/7664

来源: BUGTRAQ
名称: 20030523 nessus NASL scripting engine security issues
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=105369506714849&w=2