[Openvas-devel] [openvas-Bugs][951] Newlines in script_name() cause serious problems

openvas-bugs@wald.intevation.org openvas-bugs at wald.intevation.org
Thu Apr 9 21:21:25 CEST 2009


Bugs item #951, was opened at 2009-04-09 21:21
Status: Open
Priority: 4
Submitted By: Jan-Oliver Wagner (jan)
Assigned to: Nobody (None)
Summary: Newlines in script_name() cause serious problems 
Resolution: None
Severity: major
Version: v2.0
Component: None
Operating System: All
Product: OpenVAS
Hardware: None
URL: 


Initial Comment:
In case a script_name() has a string with a newline, e.g.:

script_name(english:"Xplode 'module_wrapper.asp' SQL Injection and Cross Site Scripting Vulnerabilities
           ");

then the client, when connecting, will issue an error like this:

Could not parse 1.3.6.1.4.1.25623.1.0.100113 <|> Xplode 'module_wrapper.asp' SQL Injection and Cross Site Scripting Vulnerabilities

Could not parse               <|> infos <|> This script is Copyright (C) 2009 Mi; Risk factor : Medium <|> Determine if Xplode is prone to XSS and SQL-injection vulnerabilities <|> Web application abuses <|> 1.0 <|> NOCVE <|> 34419 <|> NOXREF <|> NOSIGNKEYS <|> NOTAG

add_md5sum_to_plugin: Unknown plugin 1.3.6.1.4.1.25623.1.0.100113



Probably it is best to practice input sanitizing in script_name, so that newlines are turned into spaces or so.

I am not sure though where the actual problem turns into effect.
Maybe OTP protocol and later on the client.
But there also seem to occur some problems on the
server side.



----------------------------------------------------------------------

You can respond by visiting: 
http://wald.intevation.org/tracker/?func=detail&atid=220&aid=951&group_id=29
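
An added example, not part of the original report and not OpenVAS code: the sanitizing the report suggests, applied to the script_name() string it quotes, with a check of how many "<|>" fields a line-oriented reader sees before and after. The helper names, the 512-byte buffer and the record layout (inferred from the error output in the report) are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: OID, name and field tail follow the report's error
   output; the two long text fields are replaced by placeholders. */
#define OID "1.3.6.1.4.1.25623.1.0.100113"
#define RAW_NAME "Xplode 'module_wrapper.asp' SQL Injection and Cross Site " \
                 "Scripting Vulnerabilities\n           "
#define REST "infos <|> (copyright) <|> (summary) <|> Web application abuses" \
             " <|> 1.0 <|> NOCVE <|> 34419 <|> NOXREF <|> NOSIGNKEYS <|> NOTAG"
#define RECORD_FMT OID " <|> %s <|> " REST   /* assumed record layout */

/* Hypothetical helper: collapse each whitespace run (space, tab, CR, LF)
   to one space, in place, and trim both ends. Returns the new length. */
size_t sanitize_name(char *s)
{
    size_t w = 0;
    int gap = 0;
    for (size_t r = 0; s[r] != '\0'; r++) {
        if (isspace((unsigned char)s[r])) { gap = (w > 0); continue; }
        if (gap) s[w++] = ' ';      /* one space per run, never leading */
        gap = 0;
        s[w++] = s[r];
    }
    s[w] = '\0';
    return w;
}

/* Fields a line-oriented reader finds before the first newline. */
int first_line_fields(const char *rec)
{
    size_t len = strcspn(rec, "\n");
    int fields = 1;
    for (const char *p = strstr(rec, "<|>"); p && (size_t)(p - rec) < len; p = strstr(p + 3, "<|>"))
        fields++;
    return fields;
}

int main(void)
{
    char name[] = RAW_NAME, rec[512];
    snprintf(rec, sizeof rec, RECORD_FMT, name);
    printf("raw:       %d fields on first line\n", first_line_fields(rec));
    sanitize_name(name);
    snprintf(rec, sizeof rec, RECORD_FMT, name);
    printf("sanitized: %d fields on first line\n", first_line_fields(rec));
    return 0;
}
```

With the raw name the record breaks after the second field, which matches the two "Could not parse" lines in the report; with the sanitized name the whole record stays on one line.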

