CVE-2003-0372 - Vulnerability Details - OpenCVE

Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code by causing a negative argument to be provided to the insstr function as used in a NASL script.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Nessus	Nessus

Configuration 1 [-]

cpe:2.3:a:nessus:nessus:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=105364059803427&w=2
http://marc.info/?l=bugtraq&m=105369506714849&w=2
http://www.securityfocus.com/bid/7664

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2003-06-06T04:00:00

Updated: 2024-08-08T01:50:48.021Z

Reserved: 2003-06-04T00:00:00

Link: CVE-2003-0372

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2003-06-16T04:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2003-0372

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2003-05-22T00:00:00", "descriptions": [{"lang": "en", "value": "Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code by causing a negative argument to be provided to the insstr function as used in a NASL script."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20030522 Potential security vulnerability in Nessus", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=105364059803427&w=2"}, {"name": "20030523 nessus NASL scripting engine security issues", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=105369506714849&w=2"}, {"name": "7664", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/7664"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0372", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code by causing a negative argument to be provided to the insstr function as used in a NASL script."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20030522 Potential security vulnerability in Nessus", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=105364059803427&w=2"}, {"name": "20030523 nessus NASL scripting engine security issues", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=105369506714849&w=2"}, {"name": "7664", "refsource": "BID", "url": "http://www.securityfocus.com/bid/7664"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T01:50:48.021Z"}, "title": "CVE Program Container", "references": [{"name": "20030522 Potential security vulnerability in Nessus", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=105364059803427&w=2"}, {"name": "20030523 nessus NASL scripting engine security issues", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=105369506714849&w=2"}, {"name": "7664", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/7664"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0372", "datePublished": "2003-06-06T04:00:00", "dateReserved": "2003-06-04T00:00:00", "dateUpdated": "2024-08-08T01:50:48.021Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nessus:nessus:*:*:*:*:*:*:*:*", "matchCriteriaId": "9DE0DF12-7BFD-4011-B73F-66ED1A51E1F1", "versionEndIncluding": "2.0.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code by causing a negative argument to be provided to the insstr function as used in a NASL script."}, {"lang": "es", "value": "Vulnerabilidad de entero con signo en libnsl en Nessus anterior a la 2.0.6 permite que usuarios locales con privilegios de carga de plugin provoquen una denegaci\u00f3n de servicio (core dump) y posiblemente ejecuten c\u00f3digo arbitrario provocando que se pase un argumento negativo a la funcio\u00f3n insstr cuando se usa en un script NASL."}], "id": "CVE-2003-0372", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2003-06-16T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=105364059803427&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=105369506714849&w=2"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/7664"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=105364059803427&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=105369506714849&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/7664"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}