Nessus Denial-of-Service Vulnerability

Vulnerability ID: 1195176
Vulnerability type: Resource management error
Published: 2006-04-29
Updated: 2006-04-29
CVE ID: CVE-2006-2093
CNNVD-ID: CNNVD-200604-548
Platform: N/A
CVSS score: 2.6
|Vulnerability source
https://www.securityfocus.com/bid/87666
https://cxsecurity.com/issue/WLB-2006050014
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200604-548
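|Vulnerability details
Nessus versions before 2.2.8, and 3.x versions before 3.0.3, allow user-assisted attackers to cause a denial of service (memory consumption) via a NASL script that calls split with an invalid sep parameter. Note: a design goal of the NASL language is to make sharing security tests easier while ensuring that a script cannot perform malicious operations. So long as Nessus users expect that a split statement will not use excessive memory.
|Vulnerability exploit (EXP)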
On Apr 25, 2006, at 1:09 PM, Renaud Deraison wrote:

>
> On Apr 25, 2006, at 3:51 AM, OS2A BTO wrote:
>>
>> We have discovered a vulnerability in libnasl of Nessus which can
>> cause Denial of
>> Service. We have attached the advisory which details the  
>> vulnerability and
>> also has the fix. A patch for libnasl 2.2.4 is included.
>
>
> At the opposite of what the full advisory hints, this issue is NOT  
> exploitable.

I meant to say: "not exploitable to execute arbitrary code".

-- Renaud
|Affected products
Nessus Nessus 2.2.3
Nessus Nessus 2.2 rc1
Nessus Nessus 3.0.2
Nessus Nessus 2.2.7
Nessus Nessus 2.2.6
Nessus Nessus 2.2.5
Nessus Nessus 2.2.2
|References

Source: VUPEN
Name: ADV-2006-1541
Link: http://www.frsirt.com/english/advisories/2006/1541
Source: SECTRACK
Name: 1015996
Link: http://securitytracker.com/id?1015996
Source: UBUNTU
Name: USN-279-1
Link: http://www.ubuntulinux.org/support/documentation/usn/usn-279-1
Source: BUGTRAQ
Name: 20060425 Re: NASL 'Split' function Buffer overflow Vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/431994/100/0/threaded
Source: BUGTRAQ
Name: 20060425 Re: NASL 'Split' function Buffer overflow Vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/431993/100/0/threaded
Source: BUGTRAQ
Name: 20060425 NASL 'Split' function Buffer overflow Vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/431987/100/0/threaded
Source: OSVDB
Name: 25084
Link: http://www.osvdb.org/25084
Source: XF
Name: nessus-nasl-split-dos(26034)
Link: http://xforce.iss.net/xforce/xfdb/26034
Source: SREASON
Name: 817
Link: http://securityreason.com/securityalert/817