lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060503163600.GE5671@piware.de>
Date: Wed May  3 17:36:09 2006
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-279-1] libnasl/nessus vulnerability

===========================================================
Ubuntu Security Notice USN-279-1	       May 03, 2006
libnasl vulnerability
CVE-2006-2093
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

libnasl2

The problem can be corrected by upgrading the affected package to
version 2.2.3-1ubuntu0.1 (libnasl-dev and libnasl2) and
2.2.4-1ubuntu0.1 (libnasl-dev and libnasl2). After a standard system
upgrade you need to restart nessusd to effect the necessary changes.

Details follow:

Jayesh KS discovered that the nasl_split() function in the NASL
(Nessus Attack Scripting Language) library did not check for a
zero-length separator argument, which lead to an invalid memory
allocation. This library is primarily used in the Nessus security
scanner; a remote attacker could exploit this vulnerability to cause
the Nessus daemon to crash.


Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libn/libnasl/libnasl_2.2.3-1ubuntu0.1.diff.gz
      Size/MD5:   325024 934e559032064bdbfaf178e0e64b347d
    http://security.ubuntu.com/ubuntu/pool/main/libn/libnasl/libnasl_2.2.3-1ubuntu0.1.dsc
      Size/MD5:      758 3326827ac8f9245a9188222ac517224d
    http://security.ubuntu.com/ubuntu/pool/main/libn/libnasl/libnasl_2.2.3.orig.tar.gz
      Size/MD5:   360918 ee66b86f0a808c9eb1e1756490e5c067

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/libn/libnasl/libnasl-dev_2.2.3-1ubuntu0.1_amd64.deb
      Size/MD5:   334004 81c12b0e563175c9add90f462d55c46d
    http://security.ubuntu.com/ubuntu/pool/main/libn/libnasl/libnasl2_2.2.3-1ubuntu0.1_amd64.deb
      Size/MD5:   101580 63413de59bcc9efe8cacbcc34380df67

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/libn/libnasl/libnasl-dev_2.2.3-1ubuntu0.1_i386.deb
      Size/MD5:   312834 8c0bfa1daf1854ef200cc9bb4e50a54c
    http://security.ubuntu.com/ubuntu/pool/main/libn/libnasl/libnasl2_2.2.3-1ubuntu0.1_i386.deb
      Size/MD5:    95840 4d8e2c1a91d8fc991f2fd1716b8583cb

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/libn/libnasl/libnasl-dev_2.2.3-1ubuntu0.1_powerpc.deb
      Size/MD5:   338600 33be5486ddf9ca014d27bf77281200f0
    http://security.ubuntu.com/ubuntu/pool/main/libn/libnasl/libnasl2_2.2.3-1ubuntu0.1_powerpc.deb
      Size/MD5:    99624 98dcfe611e5029dc619caf72dfd4da86

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libn/libnasl/libnasl_2.2.4-1ubuntu0.1.diff.gz
      Size/MD5:   325052 1a6cb2d4eba535bf7d04c86e28753fce
    http://security.ubuntu.com/ubuntu/pool/main/libn/libnasl/libnasl_2.2.4-1ubuntu0.1.dsc
      Size/MD5:      758 77166e15fa4998fccb44c731649318b9
    http://security.ubuntu.com/ubuntu/pool/main/libn/libnasl/libnasl_2.2.4.orig.tar.gz
      Size/MD5:   361551 47de3e86725b5f54f5752233a4bc1ea8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/libn/libnasl/libnasl-dev_2.2.4-1ubuntu0.1_amd64.deb
      Size/MD5:   342848 312e410daa37b832a4462c0fd43a256e
    http://security.ubuntu.com/ubuntu/pool/main/libn/libnasl/libnasl2_2.2.4-1ubuntu0.1_amd64.deb
      Size/MD5:   105872 17131088c3fcf03c61ff48c1068de163

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/libn/libnasl/libnasl-dev_2.2.4-1ubuntu0.1_i386.deb
      Size/MD5:   314346 3e306ca23afe7008bc7fb1e0864763fa
    http://security.ubuntu.com/ubuntu/pool/main/libn/libnasl/libnasl2_2.2.4-1ubuntu0.1_i386.deb
      Size/MD5:    96150 dc30810ccc3d00679da3f081517ada1d

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/libn/libnasl/libnasl-dev_2.2.4-1ubuntu0.1_powerpc.deb
      Size/MD5:   344788 fa5ead6eae23d5811973691236068b5a
    http://security.ubuntu.com/ubuntu/pool/main/libn/libnasl/libnasl2_2.2.4-1ubuntu0.1_powerpc.deb
      Size/MD5:   102438 25bf747848d3cec7561298f198ffa1f5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060503/1da2b4a9/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ