FreeBSD : fetchmail -- heap overflow on verbose X.509 display (2a6a966f-1774-11df-b5c1-0026189baca3)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Matthias Andree reports :

In verbose mode, fetchmail prints X.509 certificate subject and issuer
information to the user, and counts and allocates a malloc() buffer
for that purpose.

If the material to be displayed contains characters with high bit set
and the platform treats the 'char' type as signed, this can cause a
heap buffer overrun because non-printing characters are escaped as
\xFF..FFnn, where nn is 80..FF in hex.

See also :

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : false

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 44600 (freebsd_pkg_2a6a966f177411dfb5c10026189baca3.nasl)

Bugtraq ID: 38088

CVE ID: CVE-2010-0562

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now