CVE-2003-0372 - Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows local users with plugin upload

CVE-2003-0372

Summary

Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code by causing a negative argument to be provided to the insstr function as used in a NASL script.

References

http://marc.info/?l=bugtraq&m=105364059803427&w=2
http://marc.info/?l=bugtraq&m=105369506714849&w=2
http://www.securityfocus.com/bid/7664

Vulnerable Configurations

cpe:2.3:a:nessus:nessus:*:*:*:*:*:*:*:*
cpe:2.3:a:nessus:nessus:*:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 18-10-2016 - 02:33)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	7664
bugtraq	20030522 Potential security vulnerability in Nessus 20030523 nessus NASL scripting engine security issues

Last major update

18-10-2016 - 02:33

Published

16-06-2003 - 04:00

Last modified

18-10-2016 - 02:33