FreeBSD : Botan BER Decoder vulnerabilities (2004616d-f66c-11e5-b94c-001999f8d30b)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The Botan developers report :

Excess memory allocation in BER decoder - The BER decoder would
allocate a fairly arbitrary amount of memory in a length field, even
if there was no chance the read request would succeed. This might
cause the process to run out of memory or invoke the OOM killer.

Crash in BER decoder - The BER decoder would crash due to reading from
offset 0 of an empty vector if it encountered a BIT STRING which did
not contain any data at all. This can be used to easily crash
applications reading untrusted ASN.1 data, but does not seem
exploitable for code execution.
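Both issues are instances of trusting a length field before checking it against the bytes that are actually present. The following is an added example, not Botan's own code and not the patched decoder: a minimal definite-length BER TLV reader in C++ that (1) refuses to size any buffer from a declared length the remaining input cannot satisfy, and (2) rejects a BIT STRING with zero content octets before touching its (empty) contents vector, since the first content octet of a BIT STRING is the unused-bits count. All function, type and sample-input names here are this example's own, and the byte strings are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Added example (not Botan's code): a minimal definite-length BER TLV reader
// that applies the two checks the advisory text calls for.

struct BerElement {
    uint8_t tag = 0;
    std::vector<uint8_t> contents;
};

// Parse a definite-length BER length field at `pos`. On success, advances
// `pos` past the length octets and stores the declared length in `len`.
// Returns false for a truncated field, the indefinite form (0x80), or more
// length octets than size_t can hold.
static bool read_length(const std::vector<uint8_t>& in, size_t& pos, size_t& len) {
    if (pos >= in.size()) return false;
    const uint8_t first = in[pos++];
    if (first < 0x80) { len = first; return true; }      // short form
    const size_t n = first & 0x7F;                        // long form: n length octets follow
    if (n == 0 || n > sizeof(size_t)) return false;
    if (in.size() - pos < n) return false;
    len = 0;
    for (size_t i = 0; i < n; ++i) len = (len << 8) | in[pos++];
    return true;
}

// What a naive decoder would try to allocate for the element at `pos`: the
// declared length, with no regard to how many bytes actually remain.
// Returns 0 if the tag/length header itself cannot be parsed.
size_t declared_length(const std::vector<uint8_t>& in, size_t pos = 0) {
    if (pos >= in.size()) return 0;
    ++pos;                                                // skip the tag octet
    size_t len = 0;
    return read_length(in, pos, len) ? len : 0;
}

// Hardened TLV read: the declared length is compared with the remaining input
// *before* any buffer is sized from it, so a forged length field cannot drive
// a huge allocation (the first issue in the advisory).
bool decode_element(const std::vector<uint8_t>& in, size_t& pos, BerElement& out) {
    if (pos >= in.size()) return false;
    const uint8_t tag = in[pos];
    size_t p = pos + 1;
    size_t len = 0;
    if (!read_length(in, p, len)) return false;
    if (len > in.size() - p) return false;                // unsatisfiable: reject, do not allocate
    out.tag = tag;
    out.contents.assign(in.begin() + p, in.begin() + p + len);
    pos = p + len;
    return true;
}

// BIT STRING contents are one "unused bits" octet followed by the bit data.
// An element with zero content octets has no such octet, so reading
// contents[0] would index an empty vector (the second issue in the advisory).
bool decode_bit_string(const std::vector<uint8_t>& in, size_t& pos,
                       std::vector<uint8_t>& bits, unsigned& unused_bits) {
    BerElement el;
    if (!decode_element(in, pos, el)) return false;
    if (el.tag != 0x03) return false;                     // universal BIT STRING tag
    if (el.contents.empty()) return false;                // nothing at offset 0: reject
    unused_bits = el.contents[0];
    if (unused_bits > 7) return false;                    // pad count must be 0..7
    if (unused_bits > 0 && el.contents.size() == 1) return false; // pad bits but no data octet
    bits.assign(el.contents.begin() + 1, el.contents.end());
    return true;
}

// Constructed sample inputs (not real-world captures or Botan test vectors).
// 1. A SEQUENCE header claiming 0x7FFFFFFF content bytes inside a 6-byte buffer.
const std::vector<uint8_t> kHugeLength = {0x30, 0x84, 0x7F, 0xFF, 0xFF, 0xFF};
// 2. A BIT STRING with zero content octets.
const std::vector<uint8_t> kEmptyBitString = {0x03, 0x00};
// 3. A well-formed BIT STRING: 4 unused bits, one data octet 0xA0.
const std::vector<uint8_t> kGoodBitString = {0x03, 0x02, 0x04, 0xA0};

int main() {
    size_t pos = 0;
    BerElement el;
    std::printf("naive decoder would allocate %zu bytes; hardened decode ok=%d\n",
                declared_length(kHugeLength), (int)decode_element(kHugeLength, pos, el));
    std::vector<uint8_t> bits;
    unsigned unused = 0;
    pos = 0;
    std::printf("empty BIT STRING ok=%d\n", (int)decode_bit_string(kEmptyBitString, pos, bits, unused));
    pos = 0;
    std::printf("good BIT STRING ok=%d unused=%u data_octets=%zu\n",
                (int)decode_bit_string(kGoodBitString, pos, bits, unused), unused, bits.size());
    return 0;
}
```

The order of operations is the point: `decode_element` computes the bound check on `len` against `in.size() - p` before `contents.assign`, and `decode_bit_string` checks `contents.empty()` before `contents[0]`. Either check moved after the access reintroduces the corresponding failure mode.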

See also :

http://botan.randombit.net/security.html
http://www.nessus.org/u?0e2c77ff

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 90286

CVE ID: CVE-2015-5726, CVE-2015-5727
