FreeBSD : nbsmtp -- format string vulnerability (debbb39c-fdb3-11d9-a30d-00b0d09acbfc)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

When nbsmtp is executed in debug mode, server messages will be printed
to stdout and logged via syslog. Syslog is used insecurely and
user-supplied format characters are directly fed to the syslog
function, which results in a format string vulnerability.

Under some circumstances, an SMTP server may be able to abuse this
vulnerability in order to alter the nbsmtp process and execute
malicious code.
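
The pattern described above, shown next to its fix. This is an added example, not code from nbsmtp or from the plugin. The function names, the sample reply and the use of vsnprintf() as an inspectable stand-in for syslog() are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for syslog(priority, fmt, ...). It formats into buf so the logged
 * text can be inspected; syslog() parses fmt with the same printf rules. */
static void log_fmt(char *buf, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(buf, n, fmt, ap);
    va_end(ap);
}

/* Vulnerable pattern: the server's reply is itself the format string. */
void log_reply_unsafe(char *buf, size_t n, const char *reply)
{
    log_fmt(buf, n, reply);
}

/* Fixed pattern: constant format string, reply passed only as data. */
void log_reply_safe(char *buf, size_t n, const char *reply)
{
    log_fmt(buf, n, "%s", reply);
}

/* Constructed sample reply. "%%" is a directive that consumes no argument,
 * so formatting it is well defined while still showing interpretation. */
const char *SAMPLE_REPLY = "250 queue 100%% full";

/* Returns 1 if the logged text is byte-for-byte the server's reply. */
int logged_verbatim(void (*logger)(char *, size_t, const char *))
{
    char buf[128];
    logger(buf, sizeof buf, SAMPLE_REPLY);
    return strcmp(buf, SAMPLE_REPLY) == 0;
}

int main(void)
{
    printf("unsafe logs reply verbatim: %d\n", logged_verbatim(log_reply_unsafe));
    printf("safe logs reply verbatim:   %d\n", logged_verbatim(log_reply_safe));
    return 0;
}
```

When reviewing code for this class of bug, look for any syslog() call whose format argument is not a string literal; compiling with -Wformat -Wformat-security flags direct calls of that shape.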

See also :

http://people.freebsd.org/~niels/issues/nbsmtp-20050726.txt
http://www.nessus.org/u?dcfccf9f

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 19357 (freebsd_pkg_debbb39cfdb311d9a30d00b0d09acbfc.nasl)

Bugtraq ID:

CVE ID:
