Nessus LibNASL Arbitrary Code Execution Vulnerability


Vulnerability ID: 1107340
Vulnerability type: Numeric error
Published: 2003-05-22
Updated: 2003-06-16
CVE ID: CVE-2003-0372
CNNVD-ID: CNNVD-200306-094
Platform: Multiple
CVSS score: 4.6
|Vulnerability sources
https://www.exploit-db.com/exploits/22634
https://www.securityfocus.com/bid/87143
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200306-094
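|Vulnerability details
libnasl in Nessus versions before 2.0.6 contains an integer signedness error. A local user with plugin upload privileges can cause a denial of service (core dump) and possibly execute arbitrary code by supplying negative arguments to functions such as insstr used in NASL scripts.
|Exploit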
source: http://www.securityfocus.com/bid/7664/info

Nessus has reported that various flaws have been discovered in the 'libnasl' library used by the Nessus application. As a result, a malicious NASL script may be able to break outside of the established sandbox environment and execute arbitrary commands on the local system.

Note that this malicious script must be a legitimate plugin that has been uploaded to the Nessus server. Furthermore, the affected Nessus application must have enabled the 'plugins_upload' option (which is disabled by default).

insstr("aaaaaaaaaaa", "bb", 3, 0xfffffffd);
scanner_add_port(port : 80, proto : crap(data:'A', length:300));
ftp_log_in (socket : open_sock_tcp(21), pass : "11", user:crap (data:'A',length:8192) );
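
An added illustration (not code from this page or from libnasl) of the integer signedness issue behind the insstr call above: 0xfffffffd read as a signed 32-bit value is -3, which passes a check that only tests upper bounds. The function names and the inclusive i1..i2 replace semantics are assumptions of this simplified model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of "replace s1[i1..i2] (inclusive) with s2".
   Not libnasl source; names and semantics are assumptions. */

/* Weak validation: upper bounds only, compared as signed integers. */
static int range_ok_weak(int32_t len1, int32_t i1, int32_t i2)
{
    return i1 <= len1 && i2 <= len1;
}

/* Tail length the weak path would go on to copy from s1 + i2 + 1. */
static int32_t weak_tail_len(int32_t len1, int32_t i2)
{
    return len1 - i2 - 1;
}

/* Hardened splice: rejects negative, inverted and out-of-range indices
   and checks the output capacity. Returns the new length, or -1. */
static int splice_checked(const char *s1, const char *s2, int32_t i1,
                          int32_t i2, char *out, size_t cap)
{
    size_t len1 = strlen(s1), len2 = strlen(s2);
    if (i1 < 0 || i2 < i1 || (size_t)i2 >= len1)
        return -1;
    size_t head = (size_t)i1, tail = len1 - (size_t)i2 - 1;
    if (head + len2 + tail + 1 > cap)
        return -1;
    memcpy(out, s1, head);
    memcpy(out + head, s2, len2);
    memcpy(out + head + len2, s1 + i2 + 1, tail);
    out[head + len2 + tail] = '\0';
    return (int)(head + len2 + tail);
}

int main(void)
{
    char out[64];
    int32_t i2 = (int32_t)0xfffffffdu;   /* -3 when read as signed 32-bit */
    printf("i2=%d weak_ok=%d tail=%d (source is 11 bytes)\n", (int)i2,
           range_ok_weak(11, 3, i2), (int)weak_tail_len(11, i2));
    printf("checked(bad)=%d\n",
           splice_checked("aaaaaaaaaaa", "bb", 3, i2, out, sizeof out));
    printf("checked(good)=%d -> %s\n",
           splice_checked("aaaaaaaaaaa", "bb", 3, 5, out, sizeof out), out);
    return 0;
}
```

In this model the weak check accepts the negative index and the derived tail length (13) exceeds the 11-byte source, while the hardened version rejects the call before any copy takes place.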
|Affected products
Nessus Nessus 2.0.5
|References

Source: BUGTRAQ
Name: 20030523 nessus NASL scripting engine security issues
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=105369506714849&w=2
Source: BUGTRAQ
Name: 20030522 Potential security vulnerability in Nessus
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=105364059803427&w=2
Source: BID
Name: 7664
Link: http://www.securityfocus.com/bid/7664
