Vulnerability Development mailing list archives

quick question about the exploitability of a bug in nessus.


From: Nathan Valentine <nathan () nathanvalentine org>
Date: 12 Feb 2002 21:16:52 -0500


There is a rarely triggered bug in nessus (actually in
libnasl/nasl/nessus_extenstions.c) that results in a null pointer being
passed to inet_ntoa(). nessusd segfaults when this happens.

Perhaps this is a question that cannot be answered without more
information and a core dump file, but could someone with more (read: any
;p) experience writing exploits please offer an opinion as to whether
that sounds like an exploitable situation? I am not aware of any
techniques that one could use to trick the process into running shell
code in that situation, but then I don't make any claims of being even a
competent exploit coder... that's why I am here... to learn. :)

I can provide a core dump file or an explanation of how to trigger the
bug for any who are interested in taking a further look. 

-- 
---
Nathan Valentine - nathan () nathanvalentine org
Jabber: NRVesKY AIM: NRVesKY ICQ: 39023424

Attachment: signature.asc
Description: This is a digitally signed message part
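The pattern the post describes, reproduced as an added example that is not code from the post or from libnasl: inet_ntoa() takes a struct in_addr by value, so "a null pointer passed to inet_ntoa()" in practice means the caller dereferences a NULL struct in_addr pointer to build that argument. The block below shows the unchecked form, the guarded form, and a small triage helper that catches the fault and reports the faulting address. The helper, its names, and the sample address are assumptions made for this example (POSIX sigaction with SA_SIGINFO is assumed; it says nothing about the real nessusd crash, which would have to be confirmed from the core dump). The point a first-pass triage wants is the faulting address: a read from address 0 on a system where page zero is unmapped is a plain crash of the process, with no attacker-controlled pointer or write involved, which is a denial of service against nessusd rather than a path to running code.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE /* assumption: glibc/BSD; exposes siginfo_t and SA_SIGINFO */
#endif
#include <arpa/inet.h>
#include <netinet/in.h>
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Unchecked form of the pattern under discussion: the caller trusts that
 * the lookup produced a pointer and dereferences it to build the
 * struct in_addr that inet_ntoa() takes by value. With ap == NULL this
 * is a 4-byte read from address 0. */
static const char *addr_to_str_unchecked(const struct in_addr *ap)
{
    return inet_ntoa(*ap);
}

/* Guarded form: refuse a NULL pointer before the dereference and return a
 * placeholder string instead of crashing the daemon. */
static const char *addr_to_str_checked(const struct in_addr *ap)
{
    if (ap == NULL)
        return "(no address)";
    return inet_ntoa(*ap);
}

/* Triage helper (hypothetical; not part of any real project). Runs fn(ap)
 * under a SIGSEGV handler. If the call faults, the faulting address is
 * recorded so the caller can see whether the access hit page zero (a
 * plain NULL dereference) or some other location. */
static sigjmp_buf fault_env;
static void *volatile fault_addr;

static void on_segv(int sig, siginfo_t *si, void *ctx)
{
    (void)sig;
    (void)ctx;
    fault_addr = si->si_addr;
    siglongjmp(fault_env, 1); /* async-signal-safe per POSIX */
}

/* Returns 0 if fn returned normally, 1 if it faulted; on a fault *where
 * receives the faulting address (NULL for a read of address 0). */
static int probe(const char *(*fn)(const struct in_addr *),
                 const struct in_addr *ap, void **where)
{
    struct sigaction sa, old;
    const struct in_addr *volatile arg = ap; /* keep the optimiser honest */
    int faulted;

    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_segv;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);

    fault_addr = (void *)0x1; /* sentinel: overwritten only if we fault */
    if (sigsetjmp(fault_env, 1) == 0) {
        (void)fn(arg);
        faulted = 0;
    } else {
        faulted = 1;
    }
    sigaction(SIGSEGV, &old, NULL);
    *where = faulted ? fault_addr : NULL;
    return faulted;
}

int main(void)
{
    struct in_addr a;
    void *where = NULL;

    a.s_addr = htonl(0x7f000001); /* constructed sample: 127.0.0.1 */
    printf("checked, valid ptr : %s\n", addr_to_str_checked(&a));
    printf("checked, NULL ptr  : %s\n", addr_to_str_checked(NULL));

    if (probe(addr_to_str_unchecked, NULL, &where))
        printf("unchecked, NULL ptr: SIGSEGV, fault address %p\n", where);
    else
        printf("unchecked, NULL ptr: no fault\n");
    return 0;
}
```

The fault address printed by the unchecked path is 0x0, i.e. the load of *ap itself. That is the check to do on the real core dump: if the faulting address is zero (or a small offset from zero, a field of a NULL struct), the process died reading an unmapped page and the bug is a crash; the exploitability question only gets interesting if the pointer turns out not to be NULL but attacker-influenced.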

