FreeBSD : FreeBSD -- Buffer overflow in stdio (74ded00e-6007-11e6-a6c3-14dae9d210b8)

medium Nessus Plugin ID 92914

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

A programming error in the standard I/O library's __sflush() function could erroneously adjust the buffered stream's internal state even when no write actually occurred in the case when write(2) system call returns an error. Impact : The accounting mismatch would accumulate, if the caller does not check for stream status and will eventually lead to a heap buffer overflow.

Such overflows may lead to data corruption or the execution of arbitrary code at the privilege level of the calling program.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?3368303e

Plugin Details

Severity: Medium

ID: 92914

File Name: freebsd_pkg_74ded00e600711e6a6c314dae9d210b8.nasl

Version: 2.3

Type: local

Published: 8/12/2016

Updated: 1/4/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 6

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:freebsd, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Settings/ParanoidReport, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 8/11/2016

Vulnerability Publication Date: 12/10/2014

Reference Information

CVE: CVE-2014-8611

BID: 71621

FreeBSD: SA-14:27.stdio