FreeBSD : gld -- format string and buffer overflow vulnerabilities (6c2d4f29-af3e-11d9-837d-000e0c2e438a)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Gld has been found vulnerable to multiple buffer overflows as well as
multiple format string vulnerabilities.

An attacker could exploit this vulnerability to execute arbitrary code
with the permissions of the user running Gld, the default user being
root.

The FreeBSD port defaults to running gld as the root user. The risk of
exploitation can be minimized by making gld listen on the loopback
address only, or configure it to only accept connections from trusted
smtp servers.

See also :

http://marc.info/?l=bugtraq&m=111339935903880
http://marc.info/?l=bugtraq&m=111342432325670
http://www.nessus.org/u?e408f050

Solution :

Update the affected package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 18974 (freebsd_pkg_6c2d4f29af3e11d9837d000e0c2e438a.nasl)

Bugtraq ID: 13129
13133

CVE ID: CVE-2005-1099
CVE-2005-1100

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now