[PLUTO-security] Nessus 2.0.6 has been released
Tom aka 'Dido'
tom at pluto.linux.it
Fri May 23 12:36:50 CEST 2003
Dalla mailing list di Nesus:
=================================================
Nessus 2.0.6 has been released. It fixes a potential security
vulnerability in
libnasl as well as some other buglets.
There are some flaws in libnasl which might let a script break out of
its
sandboxed environment and execute arbitrary commands on the nessusd
host.
To exploit these flaws, an attacker would need to have a valid Nessus
account
as well as the ability to upload arbitrary Nessus plugins in the Nessus
server (this option is disabled by default).
Not that these issues can NOT be exploited by a tested host to crash
nessusd
remotely.
================================================
Dido
(il moderatore)
More information about the pluto-security
mailing list