FreeBSD : go -- remote denial of service (f2217cdf-01e4-11e6-b1ce-002590263bf5)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Jason Buberel reports :

Go has an infinite loop in several big integer routines that makes Go
programs vulnerable to remote denial of service attacks. Programs
using HTTPS client authentication or the Go ssh server libraries are
both exposed to this vulnerability.

See also :

http://www.openwall.com/lists/oss-security/2016/04/05/2
https://golang.org/cl/21533
http://www.nessus.org/u?1ce5a015

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 90521 ()

Bugtraq ID:

CVE ID: CVE-2016-3959

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now