FreeBSD : google-earth -- heap overflow in the KML engine (5c9a2769-5ade-11db-a5ae-00508d6a62df)

This script is Copyright (C) 2007-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

JAAScois reports :

While processing KML/KMZ data Google Earth fails to verify its size
prior to copying it into a fixed-sized buffer. This can be exploited
as a buffer-overflow vulnerability to cause the application to crash
and/or to execute arbitrary code.

See also :

http://www.jaascois.com/exploits/18602024/
http://www.nessus.org/u?fef04a85

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.7
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 25050 (freebsd_pkg_5c9a27695ade11dba5ae00508d6a62df.nasl)

Bugtraq ID: 20464

CVE ID: CVE-2006-7157

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now