FreeBSD : apache-xml-security-c -- heap overflow (279e5f4b-d823-11e2-928e-08002798f6ff)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The Apache Software Foundation reports :

A heap overflow exists in the processing of the PrefixList attribute
optionally used in conjunction with Exclusive Canonicalization,
potentially allowing arbitary code execution. If verification of the
signature occurs prior to actual evaluation of a signing key, this
could be exploited by an unauthenticated attacker.

See also :

http://santuario.apache.org/secadv.data/CVE-2013-2156.txt
http://www.nessus.org/u?1c7b7bac

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 66918 ()

Bugtraq ID:

CVE ID: CVE-2013-2156

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now