FreeBSD : OpenSMTPD -- multiple vulnerabilities (ee7bdf7f-11bb-4eea-b054-c692ab848c20)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

OpenSMTPD developers report :

an oversight in the portable version of fgetln() that allows attackers
to read and write out-of-bounds memory

multiple denial-of-service vulnerabilities that allow local users to
kill or hang OpenSMTPD

a stack-based buffer overflow that allows local users to crash
OpenSMTPD, or execute arbitrary code as the non-chrooted _smtpd user

a hardlink attack (or race-conditioned symlink attack) that allows
local users to unset the chflags() of arbitrary files

a hardlink attack that allows local users to read the first line of
arbitrary files (for example, root's hash from /etc/master.passwd)

a denial-of-service vulnerability that allows remote attackers to fill
OpenSMTPD's queue or mailbox hard-disk partition

an out-of-bounds memory read that allows remote attackers to crash
OpenSMTPD, or leak information and defeat the ASLR protection

a use-after-free vulnerability that allows remote attackers to crash
OpenSMTPD, or execute arbitrary code as the non-chrooted _smtpd user

See also :

https://www.opensmtpd.org/announces/release-5.7.2.txt
http://www.nessus.org/u?badf8e09

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 86268

Bugtraq ID:

CVE ID: CVE-2015-7687
