FreeBSD : lighttpd -- multiple vulnerabilities (90b27045-9530-11e3-9d09-000c2980a9f3)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

lighttpd security advisories report :

It is possible to inadvertently enable vulnerable ciphers when using

In certain cases setuid() and similar can fail, potentially triggering
lighttpd to restart running as root.

If FAMMonitorDirectory fails, the memory intended to store the context
is released; some lines below the 'version' component of that context
is read. Reading invalid data doesn't matter, but the memory access
could trigger a segfault.

See also :

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.6

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 72494

Bugtraq ID:

CVE ID: CVE-2013-4508
