FreeBSD : privoxy -- multiple vulnerabilities (89d4ed09-c3d7-11e5-b5fe-002590263bf5)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Privoxy Developers report :

Fixed a memory leak when rejecting client connections due to the
socket limit being reached (CID 66382). This affected Privoxy 3.0.21
when compiled with IPv6 support (on most platforms this is the
default).

Fixed an immediate-use-after-free bug (CID 66394) and two additional
unconfirmed use-after-free complaints made by Coverity scan (CID
66391, CID 66376).

MITRE reports :

Privoxy before 3.0.22 allows remote attackers to cause a denial of
service (file descriptor consumption) via unspecified vectors.

See also :

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195468
http://www.privoxy.org/3.0.22/user-manual/whatsnew.html
http://www.openwall.com/lists/oss-security/2015/01/11/1
http://www.nessus.org/u?5483cfea

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 88150

Bugtraq ID:

CVE ID: CVE-2015-1030
CVE-2015-1031
CVE-2015-1201
