Ubuntu Local Security Checks : Ubuntu USN-279-1 (libnasl)

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.56701

Category: Ubuntu Local Security Checks

Title: Ubuntu USN-279-1 (libnasl)

Summary: NOSUMMARY

Description: Description:

The remote host is missing an update to libnasl
announced via advisory USN-279-1.

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected: libnasl2

Jayesh KS discovered that the nasl_split() function in the NASL
(Nessus Attack Scripting Language) library did not check for a
zero-length separator argument, which lead to an invalid memory
allocation. This library is primarily used in the Nessus security
scanner
a remote attacker could exploit this vulnerability to cause
the Nessus daemon to crash.

Solution:
The problem can be corrected by upgrading the affected package to
version 2.2.3-1ubuntu0.1 (libnasl-dev and libnasl2) and
2.2.4-1ubuntu0.1 (libnasl-dev and libnasl2). After a standard system
upgrade you need to restart nessusd to effect the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-279-1

Risk factor : Medium

CVSS Score:
2.6

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-2093
Bugtraq: 20060425 NASL 'Split' function Buffer overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/431987/100/0/threaded
Bugtraq: 20060425 Re: NASL 'Split' function Buffer overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/431993/100/0/threaded
http://www.securityfocus.com/archive/1/431994/100/0/threaded
http://www.osvdb.org/25084
http://securitytracker.com/id?1015996
http://securityreason.com/securityalert/817
https://usn.ubuntu.com/279-1/
http://www.vupen.com/english/advisories/2006/1541
XForce ISS Database: nessus-nasl-split-dos(26034)
https://exchange.xforce.ibmcloud.com/vulnerabilities/26034

Copyright Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.56701
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-279-1 (libnasl)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to libnasl announced via advisory USN-279-1. A security issue affects the following Ubuntu releases: Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: libnasl2 Jayesh KS discovered that the nasl_split() function in the NASL (Nessus Attack Scripting Language) library did not check for a zero-length separator argument, which lead to an invalid memory allocation. This library is primarily used in the Nessus security scanner a remote attacker could exploit this vulnerability to cause the Nessus daemon to crash. Solution: The problem can be corrected by upgrading the affected package to version 2.2.3-1ubuntu0.1 (libnasl-dev and libnasl2) and 2.2.4-1ubuntu0.1 (libnasl-dev and libnasl2). After a standard system upgrade you need to restart nessusd to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-279-1 Risk factor : Medium CVSS Score: 2.6
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-2093 Bugtraq: 20060425 NASL 'Split' function Buffer overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/431987/100/0/threaded Bugtraq: 20060425 Re: NASL 'Split' function Buffer overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/431993/100/0/threaded http://www.securityfocus.com/archive/1/431994/100/0/threaded http://www.osvdb.org/25084 http://securitytracker.com/id?1015996 http://securityreason.com/securityalert/817 https://usn.ubuntu.com/279-1/ http://www.vupen.com/english/advisories/2006/1541 XForce ISS Database: nessus-nasl-split-dos(26034) https://exchange.xforce.ibmcloud.com/vulnerabilities/26034
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com