FreeBSD : SoX buffer overflows when handling .WAV files (3e4ffe76-e0d4-11d8-9b0a-000347a4fa7d)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Ulf Harnhammar discovered a pair of buffer overflows in the WAV file
handling code of SoX. If an attacker can cause her victim to process a
specially crafted WAV file with SoX (e.g. through social engineering
or through some other program that relies on SoX), arbitrary code can
be executed with the privileges of the victim.

See also :

http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0014.html
http://www.nessus.org/u?9abfc50a

Solution :

Update the affected package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 36863 (freebsd_pkg_3e4ffe76e0d411d89b0a000347a4fa7d.nasl)

Bugtraq ID:

CVE ID: CVE-2004-0557
