CVE-2006-2093
CVSS 2.6
Published: 2006-04-29 06:02:00
Last revised: 2011-09-01 00:00:00

[Original] Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted attackers to cause a denial of service (memory consumption) via a NASL script that calls split with an invalid sep parameter. NOTE: a design goal of the NASL language is to facilitate sharing of security tests by guaranteeing that a script "can not do anything nasty." This issue is appropriate for CVE only if Nessus users have an expectation that a split statement will not use excessive memory.


[CNNVD] Nessus Denial of Service Vulnerability (CNNVD-200604-548)

        Nessus versions before 2.2.8, and 3.x versions before 3.0.3, allow user-assisted attackers to cause a denial of service (memory consumption) via a NASL script that calls split with an invalid sep parameter. Note: a design goal of the NASL language is to simplify the sharing of security tests while ensuring that a script cannot perform malicious operations. This issue is appropriate for CVE only if Nessus users expect a split statement not to use excessive memory.

- CVSS (base score)

CVSS score: 2.6 [LOW]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: NONE [no impact on system integrity]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: HIGH [exploitation requires specific access conditions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]

- CWE (weakness category)

CWE-399 [Resource Management Errors]

- CPE (affected platforms and products)

cpe:/a:nessus:nessus:2.2.7
cpe:/a:nessus:nessus:2.2.6
cpe:/a:nessus:nessus:2.2.5
cpe:/a:nessus:nessus:2.2.2
cpe:/a:nessus:nessus:2.2.0_rc1
cpe:/a:nessus:nessus:2.2.0
cpe:/a:nessus:nessus:3.0.2
cpe:/a:nessus:nessus:2.2.3
cpe:/a:nessus:nessus:2.2.1

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2093
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2093
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200604-548
(official data source) CNNVD

- Other links and resources

http://securitytracker.com/id?1015996
(PATCH)  SECTRACK  1015996
http://xforce.iss.net/xforce/xfdb/26034
(UNKNOWN)  XF  nessus-nasl-split-dos(26034)
http://www.vupen.com/english/advisories/2006/1541
(VENDOR_ADVISORY)  VUPEN  ADV-2006-1541
http://www.ubuntulinux.org/support/documentation/usn/usn-279-1
(UNKNOWN)  UBUNTU  USN-279-1
http://www.securityfocus.com/archive/1/archive/1/431994/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060425 Re: NASL 'Split' function Buffer overflow Vulnerability
http://www.securityfocus.com/archive/1/archive/1/431993/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060425 Re: NASL 'Split' function Buffer overflow Vulnerability
http://www.securityfocus.com/archive/1/archive/1/431987/100/0/threaded
(VENDOR_ADVISORY)  BUGTRAQ  20060425 NASL 'Split' function Buffer overflow Vulnerability
http://www.osvdb.org/25084
(UNKNOWN)  OSVDB  25084
http://securityreason.com/securityalert/817
(UNKNOWN)  SREASON  817

- Vulnerability information

Nessus Denial of Service Vulnerability
Low severity, Resource Management Errors
2006-04-29 00:00:00 2006-08-28 00:00:00
Remote

- Advisories and patches


- Vulnerability information (F46100)

Ubuntu Security Notice 279-1 (PacketStormID:F46100)
2006-05-06 00:00:00
Ubuntu  security.ubuntu.com
advisory,remote
linux,ubuntu
CVE-2006-2093

Ubuntu Security Notice 279-1 - Jayesh KS discovered that the nasl_split() function in the NASL (Nessus Attack Scripting Language) library did not check for a zero-length separator argument, which led to an invalid memory allocation. This library is primarily used in the Nessus security scanner; a remote attacker could exploit this vulnerability to cause the Nessus daemon to crash.

===========================================================
Ubuntu Security Notice USN-279-1	       May 03, 2006
libnasl vulnerability
CVE-2006-2093
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

libnasl2

The problem can be corrected by upgrading the affected package to
version 2.2.3-1ubuntu0.1 (libnasl-dev and libnasl2) and
2.2.4-1ubuntu0.1 (libnasl-dev and libnasl2). After a standard system
upgrade you need to restart nessusd to effect the necessary changes.

Details follow:

Jayesh KS discovered that the nasl_split() function in the NASL
(Nessus Attack Scripting Language) library did not check for a
zero-length separator argument, which led to an invalid memory
allocation. This library is primarily used in the Nessus security
scanner; a remote attacker could exploit this vulnerability to cause
the Nessus daemon to crash.
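The missing check described above, shown on a generic C string-split routine written for this page (it is not libnasl's nasl_split() and makes no claim about that function's internals): with an empty separator, strstr(p, "") returns p itself, so a loop that advances by the separator length never moves forward and keeps allocating pieces; validating the separator length before splitting is the guard. The names safe_split and free_split are assumptions.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Release a NULL-terminated array produced by safe_split(). */
void free_split(char **parts)
{
    if (!parts) return;
    for (size_t i = 0; parts[i]; i++)
        free(parts[i]);
    free(parts);
}

/* Split s on sep into a NULL-terminated array of heap-allocated pieces and
 * store the piece count in *count.  Returns NULL for a NULL input or an
 * empty separator: strstr(p, "") returns p, so advancing by the separator
 * length would never make progress and the loop would allocate without
 * bound.  Rejecting a zero-length sep up front is the guard. */
char **safe_split(const char *s, const char *sep, size_t *count)
{
    *count = 0;
    size_t seplen = sep ? strlen(sep) : 0;
    if (s == NULL || seplen == 0)
        return NULL;                        /* zero-length separator refused */

    size_t cap = 8;
    char **out = malloc(cap * sizeof *out);
    if (!out) return NULL;
    out[0] = NULL;

    const char *p = s;
    for (;;) {
        const char *q = strstr(p, sep);
        size_t len = q ? (size_t)(q - p) : strlen(p);
        if (*count + 2 > cap) {             /* room for this piece + terminator */
            char **tmp = realloc(out, cap * 2 * sizeof *out);
            if (!tmp) { free_split(out); *count = 0; return NULL; }
            out = tmp;
            cap *= 2;
        }
        char *piece = malloc(len + 1);
        if (!piece) { free_split(out); *count = 0; return NULL; }
        memcpy(piece, p, len);
        piece[len] = '\0';
        out[(*count)++] = piece;
        out[*count] = NULL;                 /* keep the array terminated for free_split */
        if (!q) break;                      /* last piece emitted */
        p = q + seplen;                     /* seplen > 0 guarantees forward progress */
    }
    return out;
}
```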


Updated packages for Ubuntu 5.04:
Updated packages for Ubuntu 5.10:

- Vulnerability information

OSVDB 25084
Nessus NASL Processing split Function Remote Overflow DoS
Location: Remote / Network Access
Attack type: Denial of Service, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Solution: Upgrade
Exploit: Public
Disclosure: Vendor Verified

- Vulnerability description

Nessus NASL contains a flaw that may allow a remote denial of service. The issue is triggered when a rogue plugin that contains a malicious 'split' function call is loaded by the Nessus server, and will result in loss of availability for the platform.

- Timeline

2006-04-25 2006-04-20
2006-04-25 Unknown

- Solution

Upgrade to version Nessus version 2.2.8 / 3.0.3 or higher, or libnasl revision 1.46.2.9 or higher, as it has been reported to fix this vulnerability. In addition, the OS2A Team has released a patch for some older versions.

- Related references

- Vulnerability author
