Ubuntu 5.04 / 5.10 : libnasl vulnerability (USN-279-1)
Low Nessus Plugin ID 21373
SynopsisThe remote Ubuntu host is missing one or more security-related patches.
DescriptionJayesh KS discovered that the nasl_split() function in the NASL (Nessus Attack Scripting Language) library did not check for a zero-length separator argument, which lead to an invalid memory allocation. This library is primarily used in the Nessus security scanner; a remote attacker could exploit this vulnerability to cause the Nessus daemon to crash.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected libnasl-dev and / or libnasl2 packages.