Debian Bug report logs - #365898
libnasl2: [CVE-2006-2093] remote nessusd DoS
Reported by: Martin Pitt <martin.pitt@ubuntu.com>
Date: Wed, 3 May 2006 16:03:05 UTC
Severity: important
Tags: patch, security
Found in version libnasl2/2.2.7-2
Fixed in version libnasl/2.2.8-1
Done: Javier Fernandez-Sanguino Pen~a <jfs@computer.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Javier Fernandez-Sanguino Pen~a <jfs@computer.org>:
Bug#365898; Package libnasl2.
Acknowledgement sent to Martin Pitt <martin.pitt@ubuntu.com>:
New Bug report received and forwarded. Copy sent to Javier Fernandez-Sanguino Pen~a <jfs@computer.org>.
Message #5 received at submit@bugs.debian.org:
Package: libnasl2
Version: 2.2.7-2
Severity: important
Tags: security patch
Hi!
Recently, an advisory about a remote nessus DoS has been published.
See [1] for details. This is supposedly fixed upstream in 2.2.8.
For an immediate fix, and for the sake of fixing Sarge you might find
the Ubuntu patch [2] useful.
Please mention the CVE number in the changelog when you fix this to
ease tracking.
Thank you,
Martin
[1] http://www.securityfocus.com/archive/1/archive/1/431987/100/0/threaded
[2] http://patches.ubuntu.com/patches/libnasl.CVE-2006-2093.diff
--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org
In a world without walls and fences, who needs Windows and Gates?
[signature.asc (application/pgp-signature, inline)]
Information forwarded to debian-bugs-dist@lists.debian.org, Javier Fernandez-Sanguino Pen~a <jfs@computer.org>:
Bug#365898; Package libnasl2.
Acknowledgement sent to Javier Fernández-Sanguino Peña <jfs@computer.org>:
Extra info received and forwarded to list. Copy sent to Javier Fernandez-Sanguino Pen~a <jfs@computer.org>.
Message #10 received at 365898@bugs.debian.org:
On Wed, May 03, 2006 at 05:37:47PM +0200, Martin Pitt wrote:
>
> Recently, an advisory about a remote nessus DoS has been published.
Yes, I was aware of this bug and followed the discussion (both at bugtraq and
in the Nessus mailing list).
> See [1] for details. This is supposedly fixed upstream in 2.2.8.
Calling this bug a "remote nessus DoS" is really an overstatement. Quite
sincerely, Ubuntu's advisory is really misleading when it says:
"(...) a remote attacker could exploit this vulnerability to cause
the Nessus daemon to crash."
The DoS can only be executed by:
- a local user with root privileges (needs to store a NASL script in some
  of the NASL directories that Nessus loads)
- a remote *authenticated* user if the administrator has allowed users to
  upload plugins to the server ('plugin_upload = yes' in nessusd.conf). This
  is something that is disabled per default in the Debian package.
  Moreover, plugins need to be cryptographically signed in order to be
  loaded into the server (unless the admin has set 'nasl_no_signature_check =
  yes' in nessusd.conf which, again, defaults to 'no').
> For an immediate fix, and for the sake of fixing Sarge you might find
> the Ubuntu patch [2] useful.
Thanks for the patch. I don't think this merits a DSA but will contact the
Security Team for input.
Regards
Javier
[signature.asc (application/pgp-signature, inline)]
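The preconditions listed in the reply above, turned into a configuration check; this is an added example, not code from the bug report or from Nessus. The two setting names and their defaults are the ones quoted in the reply; the `key = value` file syntax, the function names and the exposure labels are assumptions of the example.

```python
import re

# Defaults as stated in the maintainer's reply for the Debian package.
DEFAULTS = {"plugin_upload": "no", "nasl_no_signature_check": "no"}

# Assumed file syntax: one "key = value" pair per line, "#" starts a comment line.
_PAIR = re.compile(r"^\s*([A-Za-z0-9_]+)\s*=\s*(.*?)\s*$")


def effective_settings(conf_text):
    """Return the effective value of the two settings named in the reply.

    A key missing from the file falls back to the stated default; if a key
    is repeated, the last assignment is used (assumption of this example).
    """
    settings = dict(DEFAULTS)
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # commented-out settings do not count
        m = _PAIR.match(line)
        if m and m.group(1) in DEFAULTS:
            settings[m.group(1)] = m.group(2).lower()
    return settings


def exposure(conf_text):
    """Classify who can get a NASL script loaded, following the reply."""
    s = effective_settings(conf_text)
    upload = s["plugin_upload"] == "yes"
    unsigned_ok = s["nasl_no_signature_check"] == "yes"
    if upload and unsigned_ok:
        level = "authenticated-users-unsigned-plugins"
    elif upload:
        level = "authenticated-users-signed-plugins-only"
    else:
        level = "local-root-only"
    return {"level": level, "signature_check_disabled": unsigned_ok, "settings": s}


# Constructed sample files (not taken from a real installation).
HARDENED = "# constructed sample\nplugin_upload = no\n"
RISKY = "# constructed sample\nplugin_upload = yes\n  nasl_no_signature_check=YES\n"

if __name__ == "__main__":
    for name, text in (("hardened", HARDENED), ("risky", RISKY), ("empty", "")):
        print(name, exposure(text))
```

A result other than `local-root-only` means the configuration departs from the defaults described in the reply and widens who can get a script to the interpreter.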
Reply sent to Javier Fernandez-Sanguino Pen~a <jfs@computer.org>:
You have taken responsibility.
Notification sent to Martin Pitt <martin.pitt@ubuntu.com>:
Bug acknowledged by developer.
Message #15 received at 365898-close@bugs.debian.org:
Source: libnasl
Source-Version: 2.2.8-1
We believe that the bug you reported is fixed in the latest version of
libnasl, which is due to be installed in the Debian FTP archive:
libnasl-dev_2.2.8-1_i386.deb
to pool/main/libn/libnasl/libnasl-dev_2.2.8-1_i386.deb
libnasl2_2.2.8-1_i386.deb
to pool/main/libn/libnasl/libnasl2_2.2.8-1_i386.deb
libnasl_2.2.8-1.diff.gz
to pool/main/libn/libnasl/libnasl_2.2.8-1.diff.gz
libnasl_2.2.8-1.dsc
to pool/main/libn/libnasl/libnasl_2.2.8-1.dsc
libnasl_2.2.8.orig.tar.gz
to pool/main/libn/libnasl/libnasl_2.2.8.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 365898@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Javier Fernandez-Sanguino Pen~a <jfs@computer.org> (supplier of updated libnasl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
Format: 1.7
Date: Tue, 6 Jun 2006 01:06:40 +0200
Source: libnasl
Binary: libnasl2 libnasl-dev
Architecture: source i386
Version: 2.2.8-1
Distribution: unstable
Urgency: low
Maintainer: Javier Fernandez-Sanguino Pen~a <jfs@computer.org>
Changed-By: Javier Fernandez-Sanguino Pen~a <jfs@computer.org>
Description:
libnasl-dev - Nessus Attack Scripting Language, static library and headers
libnasl2 - Nessus Attack Scripting Language, shared library
Closes: 365898
Changes:
libnasl (2.2.8-1) unstable; urgency=low
.
* New upstream release
- Fixes denial of service condition due to mis-use of split() function.
This is CVE-2006-2093 (Closes: #365898)
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Wed, 27 Jun 2007 08:29:20 GMT)
Bug unarchived.
Request was from Stefano Zacchiroli <zack@debian.org>
to control@bugs.debian.org.
(Sun, 10 Apr 2011 08:47:57 GMT)
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 09 May 2011 07:51:58 GMT)
Last modified: Wed Oct 11 12:07:34 2017