Nessus insstr DoS

2003-05-23T00:00:00
ID OSVDB:3190
Type osvdb
Reporter OSVDB
Modified 2003-05-23T00:00:00

Description

Vulnerability Description

Nessus contains a flaw that allows a local user to create a denial of service to the scanner. The condition is due to a flaw in the Nessus Attack Scripting Language (NASL) engine when the "plugins_upload" option is enabled. A local attacker can provide malicious content to the insstr() function and cause the NASL to crash.

Technical Description

This attack requires the local user to have a valid Nessus account.

Solution Description

Upgrade to version 2.0.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Nessus contains a flaw that allows a local user to create a denial of service to the scanner. The condition is due to a flaw in the Nessus Attack Scripting Language (NASL) engine when the "plugins_upload" option is enabled. A local attacker can provide malicious content to the insstr() function and cause the NASL to crash.

References:

Secunia Advisory ID:8842 Other Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2003-05/0250.html ISS X-Force ID: 12057 CVE-2003-0372 Bugtraq ID: 7664