FreeBSD : libarchive -- RCE vulnerability (2b4c8e1f-1609-11e6-b55e-b499baebfeaf)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The libarchive project reports :

Heap-based buffer overflow in the zip_read_mac_metadata function in
archive_read_support_format_zip.c in libarchive before 3.2.0 allows
remote attackers to execute arbitrary code via crafted entry-size
values in a ZIP archive.

See also :

http://www.nessus.org/u?865fee28
http://www.nessus.org/u?036be58b

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 91026

Bugtraq ID:

CVE ID: CVE-2016-1541
