Vulnerability Development mailing list archives
quick question about the exploitability of a bug in nessus.
From: Nathan Valentine <nathan () nathanvalentine org>
Date: 12 Feb 2002 21:16:52 -0500
There is a rarely triggered bug in nessus (actually libnasl/nasl/nessus_extenstions.c) that results in a null pointer being passed to inet_ntoa(). nessusd segfaults when this happens.

Perhaps this is a question that cannot be answered without more information and a core dump file, but could someone with more (read: any ;p) experience writing exploits please offer an opinion as to whether that sounds like an exploitable situation? I am not aware of any techniques that one could use to trick the process into running shell code in that situation, but then I don't make any claims of being even a competent exploit coder... that's why I am here... to learn. :)

I can provide a core dump file or an explanation of how to trigger the bug for any who are interested in taking a further look.

--
---
Nathan Valentine - nathan () nathanvalentine org
Jabber: NRVesKY
AIM: NRVesKY
ICQ: 39023424
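The crash described in the post comes from dereferencing a NULL pointer on the way into inet_ntoa(), which takes a struct in_addr by value (so the call site looks like inet_ntoa(*addr)). As an added illustration of the defensive fix, not code from the post or from Nessus, the hypothetical wrapper addr_to_str() below rejects a NULL pointer instead of crashing and uses inet_ntop() so the result does not live in inet_ntoa()'s shared static buffer; addr_to_str() and demo() are names chosen here.

```c
/* Added example, not from the original post or the Nessus source.
 * A NULL-safe replacement for the inet_ntoa(*addr) pattern. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Format *addr as a dotted quad into buf (at least INET_ADDRSTRLEN bytes).
 * Returns 0 on success, -1 if addr or buf is NULL or buf is too small,
 * so a caller gets an error instead of a segfault on a NULL address. */
int addr_to_str(const struct in_addr *addr, char *buf, size_t buflen)
{
    if (addr == NULL || buf == NULL || buflen < INET_ADDRSTRLEN)
        return -1;
    /* inet_ntop() writes into the caller's buffer; it is reentrant,
     * unlike inet_ntoa(), which returns a pointer to a static buffer. */
    if (inet_ntop(AF_INET, addr, buf, (socklen_t)buflen) == NULL)
        return -1;
    return 0;
}

/* Demonstration with a constructed address (127.0.0.1) and the NULL case.
 * Returns 0 when both behave as expected. */
int demo(void)
{
    char buf[INET_ADDRSTRLEN];
    struct in_addr a;
    a.s_addr = htonl(0x7f000001UL); /* constructed sample: 127.0.0.1 */
    if (addr_to_str(&a, buf, sizeof buf) != 0)
        return 1;
    printf("address: %s\n", buf);
    if (addr_to_str(NULL, buf, sizeof buf) != -1)
        return 2;
    printf("NULL address rejected instead of crashing\n");
    return 0;
}

int main(void)
{
    return demo();
}
```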