FreeBSD : FreeBSD -- Buffer overflow in handling of UNIX socket addresses (f56390a4-4638-11e1-9f47-00e0815b8da8)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

When a UNIX-domain socket is attached to a location using the bind(2)
system call, the length of the provided path is not validated. Later,
when this address was returned via other system calls, it is copied
into a fixed-length buffer.

Linux uses a larger socket address structure for UNIX-domain sockets
than FreeBSD, and the FreeBSD's linux emulation code did not translate
UNIX-domain socket addresses into the correct size of structure.

See also :

http://www.nessus.org/u?1053803b

Solution :

Update the affected packages.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 57742 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now