FreeBSD : libotr -- buffer overflows (c651c898-e90d-11e1-b230-0024e830109b)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

OTR developers report :

The otrl_base64_otr_decode() function and similar functions within OTR
suffer from buffer overflows in the case of malformed input;
specifically if a message of the format of '?OTR:===.' is received
then a zero-byte allocation is performed without a similar correlation
between the subsequent base64 decoding write, as such it becomes
possible to write between zero and three bytes incorrectly to the
heap, albeit only with a value of '='.

Because this code path is highly utilized, specifically in the
reception of instant messages over pidgin or similar, this
vulnerability is considered severe even though in many platforms and
circumstances the bug would yield an unexploitable state and result
simply in denial of service.

The developers of OTR promptly fixed the errors and users of OTR are
advised to upgrade the software at the next release cycle.

See also :

http://lists.cypherpunks.ca/pipermail/otr-dev/2012-July/001347.html
http://www.nessus.org/u?d848addd

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 61589 ()

Bugtraq ID:

CVE ID: CVE-2012-3461

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now