Bug 131273 - net-analyzer/libnasl: DoS because of buffer overflow (not exploitable for code execution)
Summary: net-analyzer/libnasl: DoS because of buffer overflow (not exploitable for cod...
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: http://archives.neohapsis.com/archive...
Whiteboard: B3 [upstream]
Keywords:
Duplicates: 132352
Depends on:
Blocks:
 
Reported: 2006-04-25 14:38 UTC by Raphael Marichez (Falco) (RETIRED)
Modified: 2006-05-09 13:28 UTC
CC: 2 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Description Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-04-25 14:38:24 UTC
From: http://archives.neohapsis.com/archives/bugtraq/2006-04/att-0519/os2a_1005.txt
--------------------------
Description:
--------------
A buffer overflow vulnerability exists in the implementation of split()
function in NASL.

Impact:
--------
This causes nasl to consume a large amount of CPU and memory resources
and stop responding. Execution of arbitrary commands on the vulnerable 
host may be possible.

To exploit this, an attacker needs to have the ability to execute nasl
scripts using the 'nasl' command.

Affected Software(s):
---------------------
Nessus 3.0.2 and prior
Nessus 2.2.7 and prior
(...)


-----------------------

and from http://archives.neohapsis.com/archives/bugtraq/2006-04/0526.html :

Contrary to what the full advisory hints, this issue is NOT exploitable.
(understand: not exploitable to execute arbitrary code, see http://archives.neohapsis.com/archives/bugtraq/2006-04/0524.html )


A patch is provided in http://archives.neohapsis.com/archives/bugtraq/2006-04/att-0519/os2a_1005.txt

Could you please check the patch and then provide a patched ebuild.
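Added example (not libnasl's code, not the advisory's patch, and not a reconstruction of the actual flaw): the general defensive shape of a split() whose output lives in fixed, caller-owned storage and which returns an error instead of writing past either bound. Function, type and macro names and the sample inputs are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added illustration only (not libnasl code, not the actual flaw):
 * a split() that copies tokens into fixed, caller-owned storage and
 * fails cleanly instead of writing past its bounds. All names here
 * (bounded_split, split_result, MAX_TOKENS, ...) are hypothetical. */

#define MAX_TOKENS 16     /* capacity of the token pointer array */
#define TOKEN_STORE 256   /* capacity of the character storage */

typedef struct {
    const char *tok[MAX_TOKENS]; /* each points into store[] */
    size_t count;
    char store[TOKEN_STORE];     /* NUL-terminated token texts, back to back */
} split_result;

/* Returns 0 on success, -1 when the input would exceed either fixed
 * capacity or when the separator is empty (an empty separator never
 * advances the scan, so it is rejected rather than looped on). */
int bounded_split(const char *input, const char *sep, split_result *out)
{
    size_t seplen = strlen(sep);
    size_t used = 0;              /* bytes of store[] consumed so far */
    const char *p = input;

    out->count = 0;
    if (seplen == 0)
        return -1;

    for (;;) {
        const char *q = strstr(p, sep);
        size_t len = q ? (size_t)(q - p) : strlen(p);

        if (out->count >= MAX_TOKENS)      /* token array would overflow */
            return -1;
        if (used + len + 1 > TOKEN_STORE)  /* char storage would overflow */
            return -1;

        memcpy(out->store + used, p, len);
        out->store[used + len] = '\0';
        out->tok[out->count++] = out->store + used;
        used += len + 1;

        if (q == NULL)
            break;                         /* last token copied */
        p = q + seplen;
    }
    return 0;
}

/* Small wrappers so each outcome is a plain return value:
 * number of tokens, or -1 when the split was refused. */
int count_tokens(const char *input, const char *sep)
{
    split_result r;
    return bounded_split(input, sep, &r) == 0 ? (int)r.count : -1;
}

/* 1 if token idx of the split equals expected, else 0. */
int token_equals(const char *input, const char *sep, size_t idx, const char *expected)
{
    split_result r;
    if (bounded_split(input, sep, &r) != 0 || idx >= r.count)
        return 0;
    return strcmp(r.tok[idx], expected) == 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    printf("\"a,b,c\" -> %d tokens\n", count_tokens("a,b,c", ","));
    printf("empty separator -> %d (rejected)\n", count_tokens("a,b", ""));
    printf("17 fields with room for 16 -> %d (rejected)\n",
           count_tokens("0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16", ","));
    return 0;
}
```

The two capacity checks sit before every write, so an oversized script argument produces a refused call rather than memory corruption or a runaway loop; a real interpreter would report the failure to the script instead of silently truncating.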
Comment 1 Marcelo Goes (RETIRED) gentoo-dev 2006-04-25 15:37:46 UTC
I'd rather wait for an upstream release - it looks like Renaud Deraison is aware of the issue...
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2006-04-28 11:06:35 UTC
Setting to upstream until Renaud comes up with a fixed version
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2006-05-09 10:21:31 UTC
*** Bug 132352 has been marked as a duplicate of this bug. ***
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2006-05-09 10:22:26 UTC
Rereading, this one is really sucky. I would just RESOLVED/INVALIDate it.
Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-05-09 13:19:52 UTC
I agree with Koon and closing as invalid. Feel free to reopen if you disagree.
Comment 6 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-05-09 13:28:24 UTC
OK :)

jaervosz was just here a few minutes before me