FreeBSD : xmms -- Integer Overflow And Underflow Vulnerabilities (20e23b65-a52e-11e3-ae3a-00224d7c32a2)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Secunia reports :

Secunia Research has discovered two vulnerabilities in XMMS, which can
be exploited by malicious people to compromise a user's system.

1) An integer underflow error exists in the processing of skin bitmap
images. This can be exploited to cause a stack-based buffer overflow
via specially crafted skin images containing manipulated header
information.

Successful exploitation allows execution of arbitrary code.

2) An integer overflow error exists in the processing of skin bitmap
images. This can be exploited to cause memory corruption via specially
crafted skin images containing manipulated header information.

Successful exploitation may allow the execution of arbitrary code.

See also :

http://www.nessus.org/u?4e372a32

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 72872

Bugtraq ID:

CVE ID: CVE-2007-0653, CVE-2007-0654
