Input validation

DISPUTED NOTE: this issue has been disputed by the upstream vendor. nasl/naslcrypto2.c in the Nessus Attack Scripting Language library aka libnasl 2.2.11 does not properly check the return value from the OpenSSL DSAdoverify function, which allows remote attackers to bypass validation of the...

PT-2009-2819 · Tenable +1 · Nessus Attack Scripting Language Library +1

Name of the Vulnerable Software and Affected Versions: Nessus Attack Scripting Language library aka libnasl version 2.2.11 Description: The issue concerns a potential problem in the Nessus Attack Scripting Language library where the return value from the OpenSSL DSA do verify function is not...

Nessus 2.0.x - LibNASL Arbitrary Code Execution

Nessus 2.0.x - LibNASL Arbitrary Code Execution source: https://www.securityfocus.com/bid/7664/info Nessus has reported that various flaws have been discovered in the 'libnasl' library used by the Nessus application. As a result, a malicious NASL script may be able to break outside of the...

Nessus 2.0.x - LibNASL Arbitrary Code Execution

source: https://www.securityfocus.com/bid/7664/info Nessus has reported that various flaws have been discovered in the 'libnasl' library used by the Nessus application. As a result, a malicious NASL script may be able to break outside of the established sandbox environment and execute arbitrary...