Nessus

Re: Need more vuln information on Nessus PluginID 15640

To: nessus@list.nessus.org
Subject: Re: Need more vuln information on Nessus PluginID 15640
From: "George A. Theall" <theall@tenablesecurity.com>
Date: Fri, 08 Dec 2006 12:51:25 -0500
On Fri, Dec 08, 2006 at 04:34:02PM +0100, oskar wrote:

> Can someone provide me with more information on the actual vulnerability relating to
> http://www.nessus.org/plugins/index.php?view=viewsrc&id=15640
> It doesn't include any reference to an existing vulnerability.
> No Bugtraq ID, no CVE, nothing, so what does this relate to?

To expand on Michel's answer, it's a generic test for a format string vulnerability in a web server; basically, Nessus probes the target using various methods (e.g., GET, POST, TRACE, ...) and URIs with format strings.

If Nessus is reporting a hole, then it apparently was able to crash the service; if just a warning, it saw a string in a response that looked like an 8-digit hex number and such a number was not seen when probing for a non-existent page. Setting the debug level to 1 should log some info in nessusd.dump showing you what it found for a normal answer and from the format string attack.

George
--
theall@tenablesecurity.com
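
Added example, not part of the original message and not the plugin's code: a triage helper for the warning case described above, which compares the normal answer with the probe answer (for instance as copied out of nessusd.dump) and reports where any new 8-digit hex string appears. The regular expression, the list of volatile headers and the sample responses are assumptions constructed for illustration.

```python
import re

# Assumption: "looks like an 8-digit hex number" is modelled as a run of exactly
# 8 hex digits that is not part of a longer alphanumeric token.
HEX8 = re.compile(r"(?<![0-9A-Za-z])[0-9A-Fa-f]{8}(?![0-9A-Za-z])")
# Assumption: headers whose values normally change between two responses.
VOLATILE = {"etag", "set-cookie", "date", "last-modified"}

def locate(response):
    """Map each 8-hex-digit token to the set of places it occurs."""
    head, _, body = response.replace("\r\n", "\n").partition("\n\n")
    found = {}
    for line in head.split("\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        for tok in HEX8.findall(value):
            found.setdefault(tok.lower(), set()).add("header:" + name.strip().lower())
    for tok in HEX8.findall(body):
        found.setdefault(tok.lower(), set()).add("body")
    return found

def triage(baseline, probe):
    """Return (verdict, new_tokens) for a probe answer versus the normal answer."""
    base = locate(baseline)
    new = {t: p for t, p in locate(probe).items() if t not in base}
    if not new:
        return "no-signal", new
    volatile = {"header:" + h for h in VOLATILE}
    if all(places <= volatile for places in new.values()):
        return "likely-noise", new  # only per-response header values changed
    return "review", new            # new hex value in the body or a stable header

# Constructed sample responses (not real scanner output).
BASELINE = ('HTTP/1.1 404 Not Found\nServer: ExampleHTTPd\nETag: "3e2a1f00"\n\n'
            '<html><body>Not found</body></html>')
PROBE_NOISE = BASELINE.replace("3e2a1f00", "9c04d7b2")
PROBE_LEAK = BASELINE.replace("Not found", "Internal error, state 0012ff7c")

if __name__ == "__main__":
    for label, probe in (("noise", PROBE_NOISE), ("leak", PROBE_LEAK)):
        print(label, triage(BASELINE, probe))
```

A "likely-noise" verdict means the only new hex strings sit in headers that vary on every request, which is a common reason for the warning on a server that is not affected; "review" means the value needs a manual look at the logged responses.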
