This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
James Yonan reports :
A format string vulnerability in the foreign_option function in
options.c could potentially allow a malicious or compromised server to
execute arbitrary code on the client. Only non-Windows clients are
affected. The vulnerability only exists if (a) the client's TLS
negotiation with the server succeeds, (b) the server is malicious or
has been compromised such that it is configured to push a maliciously
crafted options string to the client, and (c) the client indicates its
willingness to accept pushed options from the server by having 'pull'
or 'client' in its configuration file (Credit: Vade79).
See also :
Update the affected package.
Risk factor :
High / CVSS Base Score : 7.5