This particular NASL sends a variety of Unicode and '..' strings followed by
'/winnt/system32/cmd.exe?/c+dir+c:\\+/OG', which is consistent with this
bug.  Looks like even though they fixed this bug in CVS several months ago,
1.1.23 is relatively new.  Hopefully RPMs for RedHat and Fedora are
forthcoming.

Oddly enough, this is the only NASL I've come across that seems to trigger
this bug, even though I can see requests for 'GET /../../etc/passwd' in the
CUPS access_log.  

Thanks,
PaulM


-----Original Message-----
Subject: Re: NASL Hanging CUPS

On Tue, Mar 22, 2005 at 02:49:44PM -0500, Paul Melson wrote:

> I have found that the iis_decode_bug.nasl ('Plugins/CGI abuses/IIS 
> Remote Command Execution') is hanging cupsd on Fedora Core 3.

I'm not sure about that particular plugin, but there is an acknowledged bug
in CUPS that causes it to hang when it receives an invalid URL; e.g., "GET
/..a HTTP/1.1". The bug is described at:

  http://www.cups.org/str.php?L1042

and has been fixed in 1.1.23. Upgrading resolved the hangs I was
experiencing.

George

_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
