FreeBSD : ruby -- Heap Overflow in Floating Point Parsing (cc9043cf-7f7a-426e-b2cc-8d1980618113)

This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Ruby developers report :

Any time a string is converted to a floating point value, a specially
crafted string can cause a heap overflow. This can lead to a denial of
service attack via segmentation faults and possibly arbitrary code
execution. Any program that converts input of unknown origin to
floating point values (especially common when accepting JSON) is
vulnerable.

See also :

http://www.nessus.org/u?ed972263
http://www.nessus.org/u?e96b5583
http://www.nessus.org/u?d4228a76

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 71072

CVE ID: CVE-2013-4164
