Vulnerability Development mailing list archives

Re: quick question about the exploitability of a bug in nessus.

From: Florian Weimer <Weimer () CERT Uni-Stuttgart DE>
Date: Wed, 13 Feb 2002 11:45:29 +0100

Nathan Valentine <nathan () nathanvalentine org> writes:

Perhaps this is a question that cannot be answered without more
information and a core dump file, but could someone with more(read:any
;p) experience writing exploits please offer an opinion as to whether
that sounds like an exploitable situation?


Perhaps denial of service is possible, but there is obviously no way
to inject machine code (unless inet_ntoa is extremly flawed), that's
why I don't think this is a major issue.

-- 
Florian Weimer                    Weimer () CERT Uni-Stuttgart DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898

Current thread:

quick question about the exploitability of a bug in nessus. Nathan Valentine (Feb 12)
- Re: quick question about the exploitability of a bug in nessus. Florian Weimer (Feb 13)
- Re: quick question about the exploitability of a bug in nessus. Michel Arboi (Feb 13)