In association with heise online

01 August 2007, 13:11

Flaw in Nessus under Windows puts pentesters at risk


The maker of the Nessus vulnerability scanner has released a new version for Windows that fixes a bug which could have exposed the penetration tester's own machine to penetration. Two exploits for the application have been published on Milw0rm. According to Tenable, under Windows the Nessus GUI (scan.dll) registers an ActiveX control that exposes the functions addsetConfig, deleteReport and saveNessusRC, which can be invoked remotely from a web page. This can be exploited to create or delete files on the PC and to pass commands to the Windows shell for execution. The latter requires just three lines of JavaScript:

<script language="javascript">
obj.addsetConfig('shutdown -t 1000 -s -c "hello world ;]" && pause', '', '');
</script>

The attack does, however, require the user to visit a specially prepared web page. All versions of Nessus 3.0.x for Windows are affected. Users are urged to update to the new version.
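As an added example, not from the article or from Tenable, the following PowerShell check helps an administrator find out whether a machine still carries the risky control: it lists every registered ActiveX control whose in-process server is scan.dll, reports whether it is marked safe for scripting (which is what lets a web page call it), and whether Internet Explorer's kill bit is set for it. The registry locations and the safe-for-scripting category ID are standard Windows values; the DLL name comes from the article.

```powershell
# Added example: audit ActiveX controls backed by Nessus's scan.dll.
# Standard Windows values (not from the article):
$SafeForScripting = '{7DD95802-9882-11CF-9FA9-00AA006C42C4}'  # "Safe for scripting" CATID
$KillBit          = 0x400                                        # Compatibility Flags kill bit

# On 64-bit Windows a 32-bit control lives under the Wow6432Node hives as well.
$clsidRoots = @('Registry::HKEY_CLASSES_ROOT\CLSID',
                'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID')
$compatRoots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility')

foreach ($root in $clsidRoots) {
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid  = $_.PSChildName
        $server = (Get-ItemProperty -Path "$($_.PSPath)\InprocServer32" `
                       -ErrorAction SilentlyContinue).'(default)'
        if (-not $server -or $server -notmatch 'scan\.dll$') { return }

        # A control is web-scriptable when it implements the safe-for-scripting category.
        $scriptable = Test-Path "$($_.PSPath)\Implemented Categories\$SafeForScripting"

        # The kill bit (0x400 in Compatibility Flags) stops IE instantiating the control.
        $flags = 0
        foreach ($c in $compatRoots) {
            $v = (Get-ItemProperty -Path "$c\$clsid" -Name 'Compatibility Flags' `
                      -ErrorAction SilentlyContinue).'Compatibility Flags'
            if ($v) { $flags = $flags -bor $v }
        }

        [pscustomobject]@{
            CLSID            = $clsid
            Server           = $server
            SafeForScripting = $scriptable
            KillBitSet       = [bool]($flags -band $KillBit)
        }
    }
}
```

A row with SafeForScripting true and KillBitSet false means the control is still reachable from a web page, and the machine should be updated as the article recommends.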
