FreeBSD : xv -- exploitable buffer overflows (fffacc93-16cb-11d9-bc4a-000c41e2cdad)

This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

In a Bugtraq posting, infamous41md(at)hotpop.com reported :

there are at least 5 exploitable buffer and heap overflows in the
image handling code. this allows someone to craft a malicious image,
trick a user into viewing the file in xv, and upon viewing that image
execute arbitrary code under privileges of the user viewing image.
note the AT LEAST part of the above sentence. there is such a plethora
of bad code that I just stopped reading after a while. there are at
least 100 calls to sprintf() and strcpy() with no regards for bounds
of buffers. 95% of these deal with program arguments or filenames, so
they are of no interest to exploit. however I just got sick of reading
this code after not too long. so I'm sure there are still other
overflows in the image handling code for other image types.

The posting also included an exploit.

See also :

http://marc.info/?l=bugtraq&m=109302498125092
http://www.nessus.org/u?9eaa2274

Solution :

Update the affected packages.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 37817 (freebsd_pkg_fffacc9316cb11d9bc4a000c41e2cdad.nasl)

Bugtraq ID:

CVE ID:
