FreeBSD : Enhanced cTorrent -- stack-based overflow (83d7d149-b965-11de-a515-0022156e8794)

This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Securityfocus reports :

cTorrent and dTorrent are prone to a remote buffer-overflow
vulnerability because the software fails to properly bounds-check
user-supplied input before copying it to an insufficiently sized
memory buffer.

Successful exploits allow remote attackers to execute arbitrary
machine code in the context of a vulnerable application. Failed
exploit attempts will likely result in denial-of-service conditions.

See also :

http://www.nessus.org/u?10585669
http://www.nessus.org/u?3eba5dbf

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 42310 (freebsd_pkg_83d7d149b96511dea5150022156e8794.nasl)

Bugtraq ID: 34584

CVE ID: CVE-2009-1759

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now