pjp
Administrator
Joined: 16 Apr 2002
Posts: 20589
|
 Posted: Tue May 27, 2003 3:30 pm Post subject: [gentoo-security] GLSA: nessus (200305-10) |
 |
|
| Daniel Ahlberg wrote: | - - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200305-10
- - - ---------------------------------------------------------------------
PACKAGE : nessus
SUMMARY : problems in scripting engine
DATE : 2003-05-27 09:15 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <nessus-2.0.6a
FIXED VERSION : >=nessus-2.0.6a
CVE :
- - - ---------------------------------------------------------------------
- - From advisory:
"There exists some vulnerabilities in NASL scripting engine.
To exploit these flaws, an attacker would need to have a valid Nessus
account as well as the ability to upload arbitrary Nessus plugins in the
Nessus server (this option is disabled by default) or he/she would need to
trick a user somehow into running a specially crafted nasl script."
Read the full advisory at
http://marc.theaimsgroup.com/?l=bugtraq&m=105369506714849&w=2
SOLUTION
It is recommended that all Gentoo Linux users who are running
net-analyzer/nessus upgrade to nessus-2.0.6a as follows
emerge sync
emerge nessus
emerge clean
- - - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - - --------------------------------------------------------------------- |
Mailing List Archive: Unavailable
_________________
Quis separabit? Quo animo? |
|
News & Announcements
