FreeBSD : unace -- multiple vulnerabilities (1d3a2737-7eb7-11d9-acf7-000854d03344)

This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Ulf Harnhammar reports :

- There are buffer overflows when extracting, testing or listing
specially prepared ACE archives.

- There are directory traversal bugs when extracting ACE archives.

- There are also buffer overflows when dealing with long (>17000
characters) command line arguments.

Secunia reports :

The vulnerabilities have been confirmed in version 1.2b. One of the
buffer overflow vulnerabilities has also been reported in versions
2.04, 2.2 and 2.5. Other versions may also be affected.

Successful exploitation may allow execution of arbitrary code.

See also :

http://marc.info/?l=full-disclosure&m=110911451613135
http://www.nessus.org/u?81af5003

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 18860 (freebsd_pkg_1d3a27377eb711d9acf7000854d03344.nasl)

Bugtraq ID:

CVE ID: CVE-2005-0160
CVE-2005-0161
