Re: NASL 'Split' function Buffer overflow Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: NASL 'Split' function Buffer overflow Vulnerability
From: Renaud Deraison <deraison@xxxxxxxxxx>
Date: Tue, 25 Apr 2006 13:20:36 -0400
In-reply-to: <36D91992-9C5B-43FB-BBA1-9CFB9D1DEBCB@xxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <3b1234b30604250051n4dffc868id2db338a0dc99de9@xxxxxxxxxxxxxx> <36D91992-9C5B-43FB-BBA1-9CFB9D1DEBCB@xxxxxxxxxx>


On Apr 25, 2006, at 1:09 PM, Renaud Deraison wrote:

On Apr 25, 2006, at 3:51 AM, OS2A BTO wrote:
We have discovered a vulnerability in libnasl of Nessus which can
cause Denial of
Service. We have attached the advisory which details thevulnerability and
also has the fix. A patch for libnasl 2.2.4 is included.
At the opposite of what the full advisory hints, this issue is NOTexploitable.


I meant to say : "not exploitable to execute arbitary code".


                                -- Renaud

References:
- NASL 'Split' function Buffer overflow Vulnerability
  - From: OS2A BTO
- Re: NASL 'Split' function Buffer overflow Vulnerability
  - From: Renaud Deraison

Prev by Date: Re: NASL 'Split' function Buffer overflow Vulnerability
Next by Date: Fenice - Open Media Streaming Server remote BOF exploit
Previous by thread: Re: NASL 'Split' function Buffer overflow Vulnerability
Next by thread: Invision Vulnerabilities, including remote code execution
Index(es):
- Date
- Thread