FreeBSD : mnoGoSearch buffer overflow in UdmDocToTextBuf() (87cc48fd-5fdd-11d8-80e3-0020ed76ef5a)

high Nessus Plugin ID 36472

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Jedi/Sector One <[email protected]> reported the following on the full-disclosure list:

Every document is stored in multiple parts according to its sections (description, body, etc.) in databases. And when the content has to be sent to the client, UdmDocToTextBuf() concatenates those parts together and skips metadata.

Unfortunately, that function lacks bounds checking and a buffer overflow can be triggered by indexing a large enough document.

'len' is fixed to 10K [in UdmDocToTextBuf] in searchd.c. S->val length depends on the length of the original document and on the indexer settings (the sample configuration file has low limits that work around the bug, though).

Exploitation should be easy; moreover, textbuf points to the stack.
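The bounds check the report says UdmDocToTextBuf() lacks, as an added C example that is not mnoGoSearch's code: a constructed model (hypothetical type and function names, constructed sample data) in which document parts are concatenated into a fixed 10K buffer, matching the quoted 'len', with metadata skipped, writes clamped at the buffer end, and a return value that lets the caller detect truncation instead of overflowing the stack.

```c
#include <string.h>
/* Constructed model (hypothetical names, not mnoGoSearch's own): a document is
 * stored in parts, and part 0 holds metadata that is not sent to the client. */
#define METADATA_SECTION 0
#define TEXTBUF_LEN 10240            /* the fixed 10K 'len' from the report */
typedef struct { int section; const char *val; } doc_section;
typedef struct { const doc_section *parts; size_t nparts; } document;

/* Bounded replacement for an unchecked concatenation loop: copies the text
 * parts into textbuf[len], '\n'-separated, never writes past len bytes and
 * always NUL-terminates. Returns the length the full text needs, snprintf-style,
 * so needed >= len tells the caller that the output was truncated. */
size_t doc_to_textbuf_bounded(const document *doc, char *textbuf, size_t len)
{
    size_t needed = 0, used = 0, emitted = 0;
    if (len == 0) return 0;
    textbuf[0] = '\0';
    for (size_t i = 0; i < doc->nparts; i++) {
        const doc_section *s = &doc->parts[i];
        if (s->section == METADATA_SECTION) continue;   /* skip metadata */
        if (emitted++ > 0) {                            /* part separator */
            needed++;
            if (used + 1 < len) textbuf[used++] = '\n';
        }
        size_t vlen = strlen(s->val), room = len - 1 - used;
        size_t ncopy = vlen < room ? vlen : room;       /* clamp to room left */
        memcpy(textbuf + used, s->val, ncopy);
        used += ncopy;
        needed += vlen;
        textbuf[used] = '\0';
    }
    return needed;
}

/* Demo data (constructed): the fixed 10K buffer, a small sample document, and
 * one whose single text part is twice the buffer size. */
static char demo_buf[TEXTBUF_LEN], big_val[2 * TEXTBUF_LEN + 1];
static const doc_section sample_parts[] = {
    { METADATA_SECTION, "Content-Type: text/html" },
    { 1, "Example title" }, { 2, "Body text of the indexed page" } };
static const document sample_doc = { sample_parts, 3 };
static const doc_section big_part = { 1, big_val };
static const document big_doc = { &big_part, 1 };

/* Render doc into demo_buf as if it were only 'len' bytes long (capped at its
 * real size) and return the needed length; read the text with rendered_text(). */
size_t render(const document *doc, size_t len)
{
    memset(big_val, 'A', sizeof big_val - 1);   /* 20480 'A's, NUL-terminated */
    if (len > sizeof demo_buf) len = sizeof demo_buf;
    return doc_to_textbuf_bounded(doc, demo_buf, len);
}
const char *rendered_text(void) { return demo_buf; }
```

With the oversized document, the output is cut at 10239 bytes while the return value reports the 20480 bytes actually needed, which is the condition a caller should log or reject rather than silently serve.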

Solution

Update the affected package.

See Also

http://www.nessus.org/u?f989314d

http://www.nessus.org/u?b4389560

Plugin Details

Severity: High

ID: 36472

File Name: freebsd_pkg_87cc48fd5fdd11d880e30020ed76ef5a.nasl

Version: 1.13

Type: local

Published: 4/23/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:mnogosearch, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2/15/2004

Vulnerability Publication Date: 2/15/2004