Info

Disclosure

May 23, 2003

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Nessus contains a flaw that allows a local user to create a denial of service to the scanner. The condition is due to a flaw in the Nessus Attack Scripting Language (NASL) engine when the "plugins_upload" option is enabled. A local attacker can provide a long "user" or "pass" argument to the ftp_log_in() function and cause the NASL to crash.

Classification

Attack Type: Input Manipulation

Solution

Upgrade to version 2.0.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Nessus

2.0.5

References

ISS X-Force ID: 12059
CVE ID: 2003-0373 (see also: NVD)
Secunia Advisory ID: 8842
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-05/0243.html
Other Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2003-05/0250.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218