FreeBSD : FreeBSD -- routed(8) remote denial of service vulnerability (0d584493-600a-11e6-a6c3-14dae9d210b8)

medium Nessus Plugin ID 92893

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The input path in routed(8) will accept queries from any source and attempt to answer them. However, the output path assumes that the destination address for the response is on a directly connected network. Impact : Upon receipt of a query from a source which is not on a directly connected network, routed(8) will trigger an assertion and terminate. The affected system's routing table will no longer be updated. If the affected system is a router, its routes will eventually expire from other routers' routing tables, and its networks will no longer be reachable unless they are also connected to another router.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?09ae3ce2

Plugin Details

Severity: Medium

ID: 92893

File Name: freebsd_pkg_0d584493600a11e6a6c314dae9d210b8.nasl

Version: 2.5

Type: local

Published: 8/12/2016

Updated: 1/4/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:freebsd, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Settings/ParanoidReport, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 8/11/2016

Vulnerability Publication Date: 8/5/2015

Reference Information

CVE: CVE-2015-5674

FreeBSD: SA-15:19.routed