FreeBSD : Bugzilla security issues (ea893f06-5a92-11e5-98c0-20cf30e32f6d)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Bugzilla Security Advisory

Login names (usually an email address) longer than 127 characters are
silently truncated in MySQL, which could cause the domain name of the
email address to be corrupted. An attacker could use this
vulnerability to create an account with an email address different
from the one originally requested. The login name could then be
automatically added to groups based on the group's regular expression
setting.
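
As an added illustration (not code from the advisory, Bugzilla or the Nessus plugin), the sketch below models the silent truncation with a string slice and contrasts it with a length check that rejects the login before it is stored. The function names, the group regular expression and the sample address are constructed for this example.

```python
import re

MAX_LOGIN_LEN = 127  # login length limit stated in the advisory


def store_truncating(login, width=MAX_LOGIN_LEN):
    """Model (assumption) of the vulnerable path: excess characters are silently dropped."""
    return login[:width]


def validate_login(login, width=MAX_LOGIN_LEN):
    """Hardened path: reject a login that would not be stored exactly as requested."""
    if len(login) > width:
        raise ValueError("login name longer than %d characters" % width)
    return login


def group_matches(stored_login, group_regex):
    """Regex-based group membership, evaluated on the stored login name."""
    return re.search(group_regex, stored_login, re.IGNORECASE) is not None


# Constructed sample data: hypothetical group regex and reserved .example domains.
GROUP_REGEX = r"@corp\.example$"
REQUESTED = "a" * 114 + "@corp.example" + ".other.example"  # 141 characters


def compare_paths(requested=REQUESTED, group_regex=GROUP_REGEX):
    """Return (stored value, group granted on vulnerable path, hardened outcome)."""
    stored = store_truncating(requested)
    granted = group_matches(stored, group_regex)
    try:
        validate_login(requested)
        hardened = "accepted"
    except ValueError:
        hardened = "rejected"
    return stored, granted, hardened


if __name__ == "__main__":
    stored, granted, hardened = compare_paths()
    print("requested domain:", REQUESTED.split("@", 1)[1])
    print("stored domain:   ", stored.split("@", 1)[1])
    print("group granted on truncating path:", granted)
    print("hardened path:", hardened)
```

Checking the length before the insert, rather than relying on the database to fail, keeps the stored login identical to the one that was requested and verified.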

See also :

https://bugzilla.mozilla.org/show_bug.cgi?id=1202447
http://www.nessus.org/u?293a4c5f

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 85925

Bugtraq ID:

CVE ID: CVE-2015-4499
