FreeBSD : ghostscript -- buffer overflow vulnerability (f0f97b94-3f95-11de-a3fd-0030843d3802)

This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

SecurityFocus reports :

Ghostscript is prone to a remote buffer-overflow vulnerability because
it fails to properly bounds-check user-supplied input before copying
it into a finite-sized buffer.

Exploiting this issue allows remote attackers to overwrite a sensitive
memory buffer with arbitrary data, potentially allowing them to
execute malicious machine code in the context of the affected
application. This vulnerability may facilitate the compromise of
affected computers.

See also :

http://www.nessus.org/u?709f2ac3

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 38763 (freebsd_pkg_f0f97b943f9511dea3fd0030843d3802.nasl)

Bugtraq ID: 34340

CVE ID: CVE-2008-6679

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now