FreeBSD : spamdyke -- Buffer Overflow Vulnerabilities (7d2336c2-4607-11e1-9f47-00e0815b8da8)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Secunia reports :

Fixed a number of very serious errors in the usage of
snprintf()/vsnprintf().

The return value was being used as the length of the string printed
into the buffer, but the return value really indicates the length of
the string that *could* be printed if the buffer were of infinite
size. Because the returned value could be larger than the buffer's
size, this meant remotely exploitable buffer overflows were possible,
depending on spamdyke's configuration.
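
The return-value behaviour described in the quoted changelog text, as an added example that is not spamdyke's code or part of the plugin: `naive_length` and `checked_append` are hypothetical names, and the sample input is constructed. The first function reports the length that flawed code would go on to trust; the second clamps to what was actually stored and flags truncation.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Flawed pattern (for contrast): the return value is taken as the stored length.
 * Nothing is written out of bounds here; it only reports the misleading value. */
static size_t naive_length(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, size, fmt, ap);   /* length the output *would* have */
    va_end(ap);
    return n < 0 ? 0 : (size_t)n;
}

/* Hardened append: *used is the number of bytes already in buf (excluding NUL).
 * Returns 0 on success, -1 on error or truncation; *used never exceeds size-1. */
static int checked_append(char *buf, size_t size, size_t *used, const char *fmt, ...)
{
    if (size == 0 || *used >= size)
        return -1;
    size_t room = size - *used;              /* includes space for the NUL */
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf + *used, room, fmt, ap);
    va_end(ap);
    if (n < 0) {                             /* encoding/format error */
        buf[*used] = '\0';
        return -1;
    }
    if ((size_t)n >= room) {                 /* output was truncated */
        *used = size - 1;                    /* what is actually stored */
        return -1;
    }
    *used += (size_t)n;
    return 0;
}

int main(void)
{
    char buf[16];
    size_t used = 0;
    const char *input = "constructed-sample-input-longer-than-16"; /* constructed */
    printf("naive length: %zu (buffer holds %zu)\n",
           naive_length(buf, sizeof buf, "%s", input), sizeof buf - 1);
    int rc = checked_append(buf, sizeof buf, &used, "%s", input);
    printf("checked: rc=%d used=%zu stored=\"%s\"\n", rc, used, buf);
    return 0;
}
```

Code that uses the first function's result as an index or as an offset for the next write ends up past the end of the buffer whenever the formatted input is longer than the buffer.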

See also :

http://www.spamdyke.org/documentation/Changelog.txt
http://www.nessus.org/u?ced17414

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 57647

Bugtraq ID:

CVE ID: CVE-2012-0802
