I was going through some nessus scan results this morning and noticed that scans were aborting with "*** The daemon shut down the communication" followed by a broken pipe and "Communication closed by server nessus: nessusd abruptly shut the communication down - the test may be incomplete" -- which is obviously concerning. A rescan a few minutes later was executed without error.
Checking the logs I find that there are syntax errors reported with mdns.nasl and others. The messages vary (not a repeating loop). A sample from nessusd.dump: vignette_tcl_code_injection.nasl[28110.515]>http_recv_body: read stopped after 1 MB! vignette_info_leak.nasl[28110.848]>http_recv_body: read stopped after 1 MB! [6980](icecap_default_pw.nasl:0x718) Syntax error with the send() function [6980](icecap_default_pw.nasl:0x718) Correct syntax is : send(socket:<soc>, data:<data> [6980](icecap_default_pw.nasl:0x71d) recv_line: missing or undefined parameter length or soc [6980](icecap_default_pw.nasl:0x721) close(-1): Invalid argument [14184](mdns.nasl:0x57b) ord() usage : ord(char) [14184](mdns.nasl:0x587) ord() usage : ord(char) [14184](mdns.nasl:0x591) Usage: substr(string, idx_start [,idx_end]) [14184](mdns.nasl:0x596) Syntax error with set_kb_item() [null value] [14184](mdns.nasl:0x5a1) ord() usage : ord(char) [14184](mdns.nasl:0x5a9) Usage: substr(string, idx_start [,idx_end]) [14184](mdns.nasl:0x5b8) Syntax error with set_kb_item() [null value] vignette_info_leak.nasl[20962.844]>http_recv_body: read stopped after 1 MB! And what looks to be a matching part of nessusd.messages: [Mon Nov 6 09:40:02 2006][23382] connection from 127.0.0.1 [Mon Nov 6 09:40:02 2006][28556] Client requested protocol version 12. [Mon Nov 6 09:40:02 2006][28556] successful login of security from 127.0.0.1 [Mon Nov 6 09:40:03 2006][23382] connection from 127.0.0.1 [Mon Nov 6 09:40:03 2006][28675] Client requested protocol version 12. [Mon Nov 6 09:40:03 2006][28675] successful login of security from 127.0.0.1 [Mon Nov 6 09:40:04 2006][28556] SIGSEGV occured -- trying to dump the current environment [Mon Nov 6 09:40:04 2006][28556] -> dump the process code in /opt/nessus//var/nessus/logs/nessus_process_dump.28556 [Mon Nov 6 09:40:04 2006][23382] connection from 127.0.0.1 [Mon Nov 6 09:40:04 2006][28676] Client requested protocol version 12. [Mon Nov 6 09:40:04 2006][28676] successful login of security from 127.0.0.1 Memory usage is fairly high at almost 2GB, but since the system has 2GB of RAM there shouldn't be a serious memory issue yet. I can provide the dump file for the time span in question and more of the logs. Tim Doty
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
