This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
A buffer overflow vulnerability has been detected in the greed URL
handling code. This bug can especially be a problem when greed is used
to process GRX (GetRight) files that originate from untrusted sources.
The bug finder, Manigandan Radhakrishnan, gave the following
Here are the bugs. First, in main.c, DownloadLoop() uses strcat() to
copy an input filename to the end of a 128-byte COMMAND array. Second,
DownloadLoop() passes the input filename to system() without checking
for special characters such as semicolons.
See also :
Update the affected package.
Risk factor :
Critical / CVSS Base Score : 10.0
Family: FreeBSD Local Security Checks
Nessus Plugin ID: 19102 (freebsd_pkg_bd579366529011d9ac2000065be4b5b6.nasl)
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now