FreeBSD : krfb -- Possible Denial of Service or code execution via integer overflow (be5421ab-1b56-11e4-a767-5453ed2e2b49)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Albert Aastals Cid reports :

krfb embeds libvncserver, which embeds liblzo2; it contains various
flaws that result in integer overflow problems.

This potentially allows a malicious application to create a possible
denial of service or code execution. Due to the need to exploit
precise details of the target architecture and threading it is
unlikely that remote code execution can be achieved in practice.

See also :

http://lists.kde.org/?l=kde-announce&m=140709940701878&w=2
http://www.nessus.org/u?e3d21c5a

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 76987

Bugtraq ID:

CVE ID: CVE-2014-4607
