FreeBSD : lynx -- remote buffer overflow (c01170bf-4990-11da-a1b8-000854d03344)

This script is Copyright (C) 2006-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Ulf Harnhammar reports :

When Lynx connects to an NNTP server to fetch information about the
available articles in a newsgroup, it will call a function called
HTrjis() with the information from certain article headers. The
function adds missing ESC characters to certain data, to support Asian
character sets. However, it does not check if it writes outside of the
char array buf, and that causes a remote stack-based buffer overflow.

See also :

http://www.nessus.org/u?a40354e4
http://www.nessus.org/u?79418c11

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 21506 (freebsd_pkg_c01170bf499011daa1b8000854d03344.nasl)

Bugtraq ID:

CVE ID: CVE-2005-3120
