FreeBSD : fetchmail -- heap overflow on verbose X.509 display (2a6a966f-1774-11df-b5c1-0026189baca3)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Matthias Andree reports :

In verbose mode, fetchmail prints X.509 certificate subject and issuer
information to the user, and counts and allocates a malloc() buffer
for that purpose.

If the material to be displayed contains characters with high bit set
and the platform treats the 'char' type as signed, this can cause a
heap buffer overrun because non-printing characters are escaped as
\xFF..FFnn, where nn is 80..FF in hex.

See also :

http://www.fetchmail.info/fetchmail-SA-2010-01.txt
http://www.nessus.org/u?0aa78125
http://www.nessus.org/u?31505b77

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 44600 (freebsd_pkg_2a6a966f177411dfb5c10026189baca3.nasl)

Bugtraq ID: 38088

CVE ID: CVE-2010-0562

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now