FreeBSD : mplayer -- cddb stack overflow (3ac80dd2-14df-11dc-bcfc-0016179b2dd5)

This script is Copyright (C) 2007-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Mplayer Team reports :

A stack overflow was found in the code used to handle cddb queries.
When copying the album title and category, no checking was performed
on the size of the strings before storing them in a fixed-size array.
A malicious entry in the database could trigger a stack overflow in
the program, leading to arbitrary code execution with the uid of the
user running MPlayer.

See also :

http://www.nessus.org/u?a2aa3d96

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 25451 (freebsd_pkg_3ac80dd214df11dcbcfc0016179b2dd5.nasl)

Bugtraq ID: 24339

CVE ID: CVE-2007-2948

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now