FreeBSD : jabberd -- 3 buffer overflows (55041d37-ff62-11d9-a9a5-000ae4641456)

high Nessus Plugin ID 19342

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

There are 3 buffer overflows in jid.c that are triggered during parsing of JID strings when components (user, host or resource) are too long.

- jid.c, line 103: overflow in `str' buffer through strcpy() when 'user' part is too long.

- jid.c, line 115: overflow in `str' buffer through strcpy() when 'host' part is too long.

- jid.c, line 127: overflow in `str' buffer through strcpy() when 'resource' part is too long.

These overflows can be used to perform a DoS attack on the server (sm process segfaults) and can possible be used for arbitrary code execution.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?d12c2190

http://www.nessus.org/u?d670375a

Plugin Details

Severity: High

ID: 19342

File Name: freebsd_pkg_55041d37ff6211d9a9a5000ae4641456.nasl

Version: 1.14

Type: local

Published: 8/1/2005

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:jabberd, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 7/30/2005

Vulnerability Publication Date: 7/25/2005