George and Michel,

Thank you for your help in this.

One more question: where do I set the debug level to 1?
I checked nessusd.conf, the manual page of nessusd and the manual page of nessus,
but none has a reference to setting the debug level.

George A. Theall wrote:
> On Fri, Dec 08, 2006 at 04:34:02PM +0100, oskar wrote:
>
> > Can someone provide me with more information on the actual
> > vulnerability relating to
> > http://www.nessus.org/plugins/index.php?view=viewsrc&id=15640
> > It doesn't include any reference to an existing vulnerability.
> > No Bugtraq ID, no CVE, nothing, so what does this relate to?
>
> To expand on Michel's answer, it's a generic test for a format string
> vulnerability in a web server; basically, Nessus probes the target
> using various methods (e.g., GET, POST, TRACE, ...) and URIs with format
> strings.
>
> If Nessus is reporting a hole, then it apparently was able to crash
> the service; if just a warning, it saw a string in a response that
> looked like an 8-digit hex number and such a number was not seen when
> probing for a non-existent page. Setting the debug level to 1 should
> log some info in nessusd.dump showing you what it found for a normal
> answer and from the format string attack.
>
> George
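
The hole/warning rule George describes can be reproduced offline to triage a finding. The following is an added Python example, not part of the original thread and not the plugin's own code; the regex for an "8 digit hex number", the function names and the sample responses are assumptions constructed for illustration.

```python
import re

# Assumption: "8 digit hex number" means exactly eight hex characters that are
# not part of a longer hex run. The real plugin's pattern may differ.
HEX8 = re.compile(r"(?<![0-9A-Fa-f])[0-9A-Fa-f]{8}(?![0-9A-Fa-f])")


def hex8_tokens(body):
    """Return the set of 8-digit hex tokens found in a response body."""
    return {tok.lower() for tok in HEX8.findall(body)}


def classify(baseline_body, probe_body, service_alive=True):
    """Apply the hole / warning rule as described in the reply above.

    baseline_body: response to a request for a non-existent page
    probe_body:    response to the request carrying format strings
    service_alive: False if the service stopped answering after the probe
    """
    if not service_alive:
        return "hole", set()
    if hex8_tokens(baseline_body):
        # Hex-looking values already show up in normal answers: no signal.
        return "none", set()
    found = hex8_tokens(probe_body)
    return ("warning", found) if found else ("none", set())


# Constructed sample bodies (not real Nessus or web server output).
BASELINE_404 = "<h1>Not Found</h1><p>The requested URL was not found.</p>"
PROBE_LEAK = "<h1>Not Found</h1><p>/bffff7a0.0804a1c8 was not found.</p>"
BASELINE_WITH_ID = "<h1>Not Found</h1><!-- request 3f9a1c0e -->"
PROBE_WITH_ID = "<h1>Not Found</h1><!-- request 7b22d410 -->"
# Benign look-alike: an error reference printed only on malformed requests.
PROBE_ERROR_REF = "<h1>Bad Request</h1><p>Error reference: 5c01e9aa</p>"

if __name__ == "__main__":
    cases = [
        ("hex values echoed in URI", BASELINE_404, PROBE_LEAK),
        ("request id on every page", BASELINE_WITH_ID, PROBE_WITH_ID),
        ("error reference look-alike", BASELINE_404, PROBE_ERROR_REF),
    ]
    for name, base, probe in cases:
        print(name, "->", classify(base, probe))
```

The third case shows why a warning alone is weak evidence: any hex-looking value that appears only in the probe response triggers it, so the two bodies still have to be compared by hand.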