Get the LinuxSecurity news you want faster with RSS
Powered By
Gentoo: nessus multiple vulnerabilities
Posted by LinuxSecurity.com Team
There exists some vulnerabilities in NASL scripting engine.
- - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200305-10
- - - ---------------------------------------------------------------------
PACKAGE : nessus
SUMMARY : problems in scripting engine
DATE : 2003-05-27 09:15 UTC
EXPLOIT : remote
VERSIONS AFFECTED : =nessus-2.0.6a
CVE :
- - - ---------------------------------------------------------------------
- - From advisory:
"There exists some vulnerabilities in NASL scripting engine.
To exploit these flaws, an attacker would need to have a valid Nessus
account as well as the ability to upload arbitrary Nessus plugins in the
Nessus server (this option is disabled by default) or he/she would need to
trick a user somehow into running a specially crafted nasl script."
Read the full advisory at
http://marc.theaimsgroup.com/?l=bugtraq&m=105369506714849&w=2
SOLUTION
It is recommended that all Gentoo Linux users who are running
net-analyzer/nessus upgrade to nessus-2.0.6a as follows
emerge sync
emerge nessus
emerge clean
- - - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - - ---------------------------------------------------------------------
