Gentoo: nessus multiple vulnerabilities
Posted by LinuxSecurity.com Team   
Gentoo There exists some vulnerabilities in NASL scripting engine.

- - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200305-10
- - - ---------------------------------------------------------------------

          PACKAGE : nessus
          SUMMARY : problems in scripting engine
             DATE : 2003-05-27 09:15 UTC
          EXPLOIT : remote
VERSIONS AFFECTED : =nessus-2.0.6a
              CVE : 

- - - ---------------------------------------------------------------------

- - From advisory:

"There exists some vulnerabilities in NASL scripting engine.
To exploit these flaws, an attacker would need to have a valid Nessus
account as well as the ability to upload arbitrary Nessus plugins in the
Nessus server (this option is disabled by default) or he/she would need to
trick a user somehow into running a specially crafted nasl script."

Read the full advisory at 
http://marc.theaimsgroup.com/?l=bugtraq&m=105369506714849&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-analyzer/nessus upgrade to nessus-2.0.6a as follows

emerge sync
emerge nessus
emerge clean

- - - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at  http://cvs.gentoo.org/~aliz
- - - ---------------------------------------------------------------------