FreeBSD : vorbis-tools -- Speex header processing vulnerability (633716fa-1f8f-11dd-b143-0211d880e350)

This script is Copyright (C) 2008-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Secunia reports :

A vulnerability has been reported in vorbis-tools, which can
potentially be exploited by malicious people to compromise a user's
system.

The vulnerability is caused due to an input validation error when
processing Speex headers, which can be exploited via a specially
crafted Speex stream containing a negative 'modeID' field in the
header.

Successful exploitation may allow execution of arbitrary code.

See also :

http://www.nessus.org/u?a7350753

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 32299 (freebsd_pkg_633716fa1f8f11ddb1430211d880e350.nasl)

Bugtraq ID:

CVE ID: CVE-2008-1686

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now