FreeBSD : peercast -- buffer overflow vulnerability (31435fbc-ae73-11dc-a5f9-001a4d49522b)

This script is Copyright (C) 2007-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Luigi Auriemma reports that peercast is vulnerable to a buffer
overflow which could lead to a DoS or potentially remote code
execution :

The handshakeHTTP function which handles all the requests received by
the other clients is vulnerable to a heap overflow which allows an
attacker to fill the loginPassword and loginMount buffers located in
the Servent class with as much data as he wants.

See also :

http://aluigi.altervista.org/adv/peercasthof-adv.txt
http://www.nessus.org/u?0b04ec22

Solution :

Update the affected package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 29770 (freebsd_pkg_31435fbcae7311dca5f9001a4d49522b.nasl)

Bugtraq ID:

CVE ID: CVE-2007-6454
