Vulnerabilities > CVE-2003-0372 - Numeric Errors vulnerability in Nessus

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

nessus

CWE-189

exploit available

NVD

Published: 2003-06-16

Updated: 2024-11-20

Summary

Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code by causing a negative argument to be provided to the insstr function as used in a NASL script.

Vulnerable Configurations

Part	Description	Count
Application	Nessus Nessus Nessus *	1

Common Weakness Enumeration (CWE)

CWE-189 - Numeric Errors

Exploit-Db

description	Nessus 2.0.x LibNASL Arbitrary Code Execution Vulnerability. CVE-2003-0372. Dos exploits for multiple platform
id	EDB-ID:22634
last seen	2016-02-02
modified	2003-05-22
published	2003-05-22
reporter	Sir Mordred
source	https://www.exploit-db.com/download/22634/
title	Nessus 2.0.x LibNASL Arbitrary Code Execution Vulnerability

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

References