drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in libnasl-nessus
Name: |
Denial of Service in libnasl-nessus |
|
ID: |
USN-279-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 5.04, Ubuntu 5.10 |
|
Datum: |
Mi, 3. Mai 2006, 18:50 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2093 |
|
Applikationen: |
Tenable Nessus |
|
Originalnachricht |
--===============0186642513== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="WChQLJJJfbwij+9x" Content-Disposition: inline
--WChQLJJJfbwij+9x Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
=========================================================== Ubuntu Security Notice USN-279-1 May 03, 2006 libnasl vulnerability CVE-2006-2093 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
libnasl2
The problem can be corrected by upgrading the affected package to version 2.2.3-1ubuntu0.1 (libnasl-dev and libnasl2) and 2.2.4-1ubuntu0.1 (libnasl-dev and libnasl2). After a standard system upgrade you need to restart nessusd to effect the necessary changes.
Details follow:
Jayesh KS discovered that the nasl_split() function in the NASL (Nessus Attack Scripting Language) library did not check for a zero-length separator argument, which lead to an invalid memory allocation. This library is primarily used in the Nessus security scanner; a remote attacker could exploit this vulnerability to cause the Nessus daemon to crash.
Updated packages for Ubuntu 5.04:
Source archives:
libnasl_2.2.3-1ubuntu0.1.diff.gz Size/MD5: 325024 934e559032064bdbfaf178e0e64b347d libnasl_2.2.3-1ubuntu0.1.dsc Size/MD5: 758 3326827ac8f9245a9188222ac517224d libnasl_2.2.3.orig.tar.gz Size/MD5: 360918 ee66b86f0a808c9eb1e1756490e5c067
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
libnasl-dev_2.2.3-1ubuntu0.1_amd64.deb Size/MD5: 334004 81c12b0e563175c9add90f462d55c46d libnasl2_2.2.3-1ubuntu0.1_amd64.deb Size/MD5: 101580 63413de59bcc9efe8cacbcc34380df67
i386 architecture (x86 compatible Intel/AMD)
libnasl-dev_2.2.3-1ubuntu0.1_i386.deb Size/MD5: 312834 8c0bfa1daf1854ef200cc9bb4e50a54c libnasl2_2.2.3-1ubuntu0.1_i386.deb Size/MD5: 95840 4d8e2c1a91d8fc991f2fd1716b8583cb
powerpc architecture (Apple Macintosh G3/G4/G5)
libnasl-dev_2.2.3-1ubuntu0.1_powerpc.deb Size/MD5: 338600 33be5486ddf9ca014d27bf77281200f0 libnasl2_2.2.3-1ubuntu0.1_powerpc.deb Size/MD5: 99624 98dcfe611e5029dc619caf72dfd4da86
Updated packages for Ubuntu 5.10:
Source archives:
libnasl_2.2.4-1ubuntu0.1.diff.gz Size/MD5: 325052 1a6cb2d4eba535bf7d04c86e28753fce libnasl_2.2.4-1ubuntu0.1.dsc Size/MD5: 758 77166e15fa4998fccb44c731649318b9 libnasl_2.2.4.orig.tar.gz Size/MD5: 361551 47de3e86725b5f54f5752233a4bc1ea8
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
libnasl-dev_2.2.4-1ubuntu0.1_amd64.deb Size/MD5: 342848 312e410daa37b832a4462c0fd43a256e libnasl2_2.2.4-1ubuntu0.1_amd64.deb Size/MD5: 105872 17131088c3fcf03c61ff48c1068de163
i386 architecture (x86 compatible Intel/AMD)
libnasl-dev_2.2.4-1ubuntu0.1_i386.deb Size/MD5: 314346 3e306ca23afe7008bc7fb1e0864763fa libnasl2_2.2.4-1ubuntu0.1_i386.deb Size/MD5: 96150 dc30810ccc3d00679da3f081517ada1d
powerpc architecture (Apple Macintosh G3/G4/G5)
libnasl-dev_2.2.4-1ubuntu0.1_powerpc.deb Size/MD5: 344788 fa5ead6eae23d5811973691236068b5a libnasl2_2.2.4-1ubuntu0.1_powerpc.deb Size/MD5: 102438 25bf747848d3cec7561298f198ffa1f5
--WChQLJJJfbwij+9x Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFEWNvwDecnbV4Fd/IRAj/KAKD3RZ0tkxhNeSJEFo9lpAwj5qkOHACgnAYT AtefgYNxDjd+QxZ+BcpQjtc= =nk+h -----END PGP SIGNATURE-----
--WChQLJJJfbwij+9x--
--===============0186642513== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============0186642513==--
|
|
|
|