FreeBSD : upnp -- multiple vulnerabilities (2ea6ce3d-6afd-11e2-9d4e-bcaec524bf84)

This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Project changelog reports :

This patch addresses three possible buffer overflows in function
unique_service_name().The three issues have the folowing CVE numbers :

- CVE-2012-5958 Issue #2: Stack buffer overflow of Tempbuf

- CVE-2012-5959 Issue #4: Stack buffer overflow of Event->UDN

- CVE-2012-5960 Issue #8: Stack buffer overflow of Event->UDN

Notice that the following issues have already been dealt by previous
work :

- CVE-2012-5961 Issue #1: Stack buffer overflow of Evt->UDN

- CVE-2012-5962 Issue #3: Stack buffer overflow of Evt->DeviceType

- CVE-2012-5963 Issue #5: Stack buffer overflow of Event->UDN

- CVE-2012-5964 Issue #6: Stack buffer overflow of Event->DeviceType

- CVE-2012-5965 Issue #7: Stack buffer overflow of Event->DeviceType

See also :

http://www.nessus.org/u?a1af399d
https://www.tenable.com/security/research/tra-2017-10

Solution :

Update the affected package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 64374 ()

Bugtraq ID:

CVE ID: CVE-2012-5958
CVE-2012-5959
CVE-2012-5960
CVE-2012-5961
CVE-2012-5962
CVE-2012-5963
CVE-2012-5964
CVE-2012-5965

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now