FreeBSD : apache -- Prevent chunk-size integer overflow on platforms where sizeof(int) < sizeof(long) (cae01d7b-110d-11df-955a-00219b0fc4d8)

This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Apache ChangeLog reports :

Integer overflow in the ap_proxy_send_fb function in
proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before
1.3.42 on 64-bit platforms allows remote origin servers to cause a
denial of service (daemon crash) or possibly execute arbitrary code
via a large chunk size that triggers a heap-based buffer overflow.

See also :

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0010
http://www.security-database.com/detail.php?alert=CVE-2010-0010
http://security-tracker.debian.org/tracker/CVE-2010-0010
http://www.vupen.com/english/Reference-CVE-2010-0010.php
http://www.nessus.org/u?b6f68bf7

Solution :

Update the affected packages.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 44390 (freebsd_pkg_cae01d7b110d11df955a00219b0fc4d8.nasl)

Bugtraq ID:

CVE ID: CVE-2010-0010
