FreeBSD : LibreSSL -- Memory leak and buffer overflow (e75a96df-73ca-11e5-9b45-b499baebfeaf)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Qualys reports :

During the code review of OpenSMTPD a memory leak and buffer overflow
(an off-by-one, usually stack-based) were discovered in LibreSSL's
OBJ_obj2txt() function. This function is called automatically during a
TLS handshake (both client-side, unless an anonymous mode is used, and
server-side, if client authentication is requested).

See also :

http://marc.info/?l=openbsd-announce&m=144495690528446
http://www.nessus.org/u?4c07f0e5

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 86434 ()

Bugtraq ID:

CVE ID: CVE-2015-5333
CVE-2015-5334

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now