FreeBSD : greed -- insecure GRX file processing (bd579366-5290-11d9-ac20-00065be4b5b6)

critical Nessus Plugin ID 19102

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

A buffer overflow vulnerability has been detected in the greed URL handling code. The bug is a particular concern when greed is used to process GRX (GetRight) files that originate from untrusted sources.

The bug finder, Manigandan Radhakrishnan, gave the following description:

Here are the bugs. First, in main.c, DownloadLoop() uses strcat() to copy an input filename to the end of a 128-byte COMMAND array. Second, DownloadLoop() passes the input filename to system() without checking for special characters such as semicolons.
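The two defect classes in that description, shown in their hardened form as an added example (this is not greed's source code or its patch): a length-checked append into a 128-byte buffer in place of strcat(), and running a helper through fork()/execlp() so the filename is never parsed by a shell. The function names and the use of `ls` as the helper program are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define COMMAND_MAX 128 /* size of the COMMAND array named in the report */

/* Bounded replacement for strcat(): returns 0 on success, or -1 (leaving
 * dst unchanged) when src plus its terminator would not fit in dstsz. */
int append_checked(char *dst, size_t dstsz, const char *src)
{
    const char *end = memchr(dst, '\0', dstsz);
    size_t need = strlen(src);
    if (end == NULL || need >= dstsz - (size_t)(end - dst))
        return -1;
    memcpy(dst + (end - dst), src, need + 1);
    return 0;
}

/* Run helper on one filename without a shell. The name is a single argv
 * element, so ';' and other shell metacharacters are ordinary bytes.
 * Returns the helper's exit status, or -1 on rejection or failure. */
int run_on_file(const char *helper, const char *name)
{
    if (name[0] == '\0' || name[0] == '-') /* empty or option-like name */
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execlp(helper, helper, "--", name, (char *)NULL);
        _exit(127); /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char command[COMMAND_MAX] = "helper ";
    const char *name = "sample;true.grx"; /* constructed input */
    printf("append: %d\n", append_checked(command, sizeof command, name));
    printf("run: %d\n", run_on_file("ls", name));
    return 0;
}
```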

Solution

Update the affected package.

See Also

http://www.nessus.org/u?1003c7d6

https://marc.info/?l=bugtraq&m=110321888413132

http://www.nessus.org/u?45ed62eb

Plugin Details

Severity: Critical

ID: 19102

File Name: freebsd_pkg_bd579366529011d9ac2000065be4b5b6.nasl

Version: 1.20

Type: local

Published: 7/13/2005

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:greed, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 1/3/2005

Vulnerability Publication Date: 12/15/2004

Reference Information

CVE: CVE-2004-1273, CVE-2004-1274

Secunia: 13534