FreeBSD : jabberd -- 3 buffer overflows (55041d37-ff62-11d9-a9a5-000ae4641456)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

There are 3 buffer overflows in jid.c that are triggered during
parsing of JID strings when components (user, host or resource) are
too long.

- jid.c, line 103: overflow in `str' buffer through strcpy() when
'user' part is too long.

- jid.c, line 115: overflow in `str' buffer through strcpy() when
'host' part is too long.

- jid.c, line 127: overflow in `str' buffer through strcpy() when
'resource' part is too long.

These overflows can be used to perform a DoS attack on the server (sm
process segfaults) and can possible be used for arbitrary code
execution.

See also :

http://www.nessus.org/u?d12c2190
http://www.nessus.org/u?6fcad879

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 19342 (freebsd_pkg_55041d37ff6211d9a9a5000ae4641456.nasl)

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now