Detections
Analytics

FreeBSD : streamripper -- multiple buffer overflows (4d4caee0-b939-11dd-a578-0030843d3802)

high Nessus Plugin ID 34940

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Secunia reports :

A boundary error exists within http_parse_sc_header() in lib/http.c when parsing an overly long HTTP header starting with 'Zwitterion v'.

A boundary error exists within http_get_pls() in lib/http.c when parsing a specially crafted pls playlist containing an overly long entry.

A boundary error exists within http_get_m3u() in lib/http.c when parsing a specially crafted m3u playlist containing an overly long 'File' entry.

Solution

Update the affected package.

See Also

https://secuniaresearch.flexerasoftware.com/secunia_research/2008-50/

http://www.nessus.org/u?6b3e4431

http://www.nessus.org/u?16f240fc

Plugin Details

Severity: High

ID: 34940

File Name: freebsd_pkg_4d4caee0b93911dda5780030843d3802.nasl

Version: 1.14

Type: local

Published: 11/24/2008

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:streamripper, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 11/23/2008

Vulnerability Publication Date: 11/5/2008

Reference Information

CVE: CVE-2008-4829

CWE: 119