On Wed, May 03, 2006 at 05:37:47PM +0200, Martin Pitt wrote:
>
> Recently, an advisory about a remote nessus DoS has been published.

Yes, I was aware of this bug and followed the discussion (both at bugtraq
and in the Nessus mailing list)

> See [1] for details. This is supposedly fixed upstream in 2.2.8.

Calling this bug a "remote nessus DoS" is really an overstatement. Quite
sincerely, Ubuntu's advisory is really misleading when it says:

"(...) a remote attacker could exploit this vulnerability to cause the
Nessus daemon to crash."

The DoS can only be executed by:

- a local user with root privileges (needs to store a NASL script in some
  of the NASL directories that Nessus loads)

- a remote *authenticated* user if the administrator has allowed users to
  upload plugins to the server ('plugin_upload = yes' in nessusd.conf).
  This is something that is disabled per default in the Debian package.

Moreover, plugins need to be cryptographically signed in order to be loaded
into the server (unless the admin has set 'nasl_no_signature_check = yes'
in nessusd.conf which, again, defaults to 'no').

> For an immediate fix, and for the sake of fixing Sarge you might find
> the Ubuntu patch [2] useful.

Thanks for the patch. I don't think this merits a DSA but will contact the
Security Team for input.

Regards

Javier
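
The two nessusd.conf settings named in the message above decide whether an authenticated user can get a NASL script loaded at all. The following check is an added example, not part of the original message or of Nessus; it assumes one "key = value" pair per line with "#" starting a comment, that a later duplicate overrides an earlier one, and that a missing key means 'no'. The sample configs are constructed.

```python
import re

# Settings named in the message, with the value that widens exposure.
RISKY = {"plugin_upload": "yes", "nasl_no_signature_check": "yes"}

# Assumption: one "key = value" per line, "#" starts a comment.
LINE_RE = re.compile(r"^\s*([A-Za-z0-9_]+)\s*=\s*(.*?)\s*$")

# Constructed sample configs (not taken from a real host).
SAMPLE_DEFAULT = "plugin_upload = no\n# nasl_no_signature_check = yes\n"
SAMPLE_WEAK = "plugin_upload = yes  # testers\nnasl_no_signature_check = yes\n"

def parse_conf(text):
    """Return {key: (value, line_number)}; assumed: last duplicate wins."""
    settings = {}
    for n, raw in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(raw.split("#", 1)[0])  # drop comments first
        if m:
            settings[m.group(1).lower()] = (m.group(2).lower(), n)
    return settings

def audit(text):
    """Return (key, value, line_number) for each risky setting that is on."""
    settings = parse_conf(text)
    findings = []
    for key, bad in RISKY.items():
        value, n = settings.get(key, ("no", None))  # assumed default: no
        if value == bad:
            findings.append((key, value, n))
    return findings

def exposure(text):
    """Summarise who can get a plugin loaded under this configuration."""
    keys = {k for k, _, _ in audit(text)}
    if keys == set(RISKY):
        return "authenticated users can upload unsigned plugins"
    if "plugin_upload" in keys:
        return "authenticated users can upload signed plugins only"
    if "nasl_no_signature_check" in keys:
        return "no upload; unsigned plugins in local directories are loaded"
    return "no upload; signature check enforced"

if __name__ == "__main__":
    for name, conf in (("default", SAMPLE_DEFAULT), ("weak", SAMPLE_WEAK)):
        print(name, audit(conf), "->", exposure(conf))
```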