Detections
Analytics

FreeBSD : rockdodger -- buffer overflows (2b4d5288-447e-11d9-9ebb-000854d03344)

high Nessus Plugin ID 18885

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

The environment variable HOME is copied without regard to buffer size, which can be used to gain elevated privilege if the binary is installed setgid games, and a string is read from the high score file without bounds check.

The port installs the binary without setgid, but with a world-writable high score file.

Solution

Update the affected package.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278878

http://www.nessus.org/u?dab52adf

Plugin Details

Severity: High

ID: 18885

File Name: freebsd_pkg_2b4d5288447e11d99ebb000854d03344.nasl

Version: 1.13

Type: local

Published: 7/13/2005

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:rockdodger, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 12/2/2004

Vulnerability Publication Date: 10/29/2004