Ubuntu 5.04 / 5.10 : libnasl vulnerability (USN-279-1)

Ubuntu Security Notice (C) 2006-2013 Canonical, Inc. / NASL script (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

Jayesh KS discovered that the nasl_split() function in the NASL
(Nessus Attack Scripting Language) library did not check for a
zero-length separator argument, which lead to an invalid memory
allocation. This library is primarily used in the Nessus security
scanner
a remote attacker could exploit this vulnerability to cause
the Nessus daemon to crash.

Solution :

Update the affected libnasl-dev and / or libnasl2 packages.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P)

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 21373 ()

Bugtraq ID:

CVE ID: CVE-2006-2093