FreeBSD : firefox & mozilla -- buffer overflow vulnerability (8665ebb9-2237-11da-978e-0001020eed82)

This script is Copyright (C) 2006-2015 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Tom Ferris reports :

A buffer overflow vulnerability exists within Firefox version 1.0.6
and all other prior versions which allows for an attacker to remotely
execute arbitrary code on an affected host.

The problem seems to be when a hostname which has all dashes causes
the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec to return
true, but it sets encHost to an empty string. Meaning, Firefox appends
0 to approxLen and then appends the long string of dashes to the
buffer instead.

Note: It is possible to disable IDN support as a workaround to protect
against this buffer overflow. How to do this is described on the "What
Firefox and Mozilla users should know about the IDN buffer overflow
security issue" web page.
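To make the length-accounting mistake concrete, the following is a constructed C model added here; it is not Mozilla's code. An all-dash host makes the stand-in normaliser report success with an empty encoded host, so the buggy estimate reserves room for the empty string while the copy uses the original host; the fixed builder sizes and copies from the same pointer. All names (normalize_idn, buggy_approx_len, bytes_written, build_spec_fixed, buggy_shortfall) are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define SCHEME "http://"

/* Stand-in for NormalizeIDN (constructed, not Mozilla's code): an all-dash
 * host is reported as normalised but yields an empty encoded host. */
static bool normalize_idn(const char *host, char *enc, size_t cap) {
    size_t n = strlen(host);
    if (strspn(host, "-") == n) { enc[0] = '\0'; return true; }
    if (n + 1 > cap) return false;
    memcpy(enc, host, n + 1);
    return true;
}

/* Buggy estimate: counts the encoded host, which is empty for all dashes.
 * Returns the number of bytes reserved (including the terminator). */
size_t buggy_approx_len(const char *host) {
    char enc[256];
    size_t approx = strlen(SCHEME);
    approx += normalize_idn(host, enc, sizeof enc) ? strlen(enc) : strlen(host);
    return approx + 1;
}

/* What the copy step actually writes: the encoded host when non-empty,
 * otherwise the original host (the long run of dashes). */
size_t bytes_written(const char *host) {
    char enc[256];
    const char *use = (normalize_idn(host, enc, sizeof enc) && enc[0]) ? enc : host;
    return strlen(SCHEME) + strlen(use) + 1;
}

/* Positive result = bytes the buggy estimate fails to reserve. */
long buggy_shortfall(const char *host) {
    return (long)bytes_written(host) - (long)buggy_approx_len(host);
}

/* Fixed builder: choose the string first, then size and copy from that
 * same pointer with an explicit capacity check. Returns the spec length,
 * or -1 when it would not fit in cap. */
long build_spec_fixed(const char *host, char *out, size_t cap) {
    char enc[256];
    const char *use = (normalize_idn(host, enc, sizeof enc) && enc[0]) ? enc : host;
    size_t need = strlen(SCHEME) + strlen(use) + 1;
    if (need > cap) return -1;
    memcpy(out, SCHEME, strlen(SCHEME));
    memcpy(out + strlen(SCHEME), use, strlen(use) + 1);
    return (long)(need - 1);
}
```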

See also :

http://marc.info/?l=full-disclosure&m=112624614008387
http://www.mozilla.org/security/idn.html
https://bugzilla.mozilla.org/show_bug.cgi?id=307259
http://www.mozilla.org/security/announce/mfsa2005-57.html
http://www.nessus.org/u?3e9252ea

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 21463 (freebsd_pkg_8665ebb9223711da978e0001020eed82.nasl)

Bugtraq ID: 14784

CVE ID: CVE-2005-2871
