FreeBSD : FreeBSD -- rtsold(8) remote buffer overflow vulnerability (72ee7111-6007-11e6-a6c3-14dae9d210b8)

critical Nessus Plugin ID 92908

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Due to a missing length check in the code that handles DNS parameters, a malformed router advertisement message can result in a stack buffer overflow in rtsold(8). Impact : Receipt of a router advertisement message with a malformed DNSSL option, for instance from a compromised host on the same network, can cause rtsold(8) to crash.

While it is theoretically possible to inject code into rtsold(8) through malformed router advertisement messages, it is normally compiled with stack protection enabled, rendering such an attack extremely difficult.

When rtsold(8) crashes, the existing DNS configuration will remain in force, and the kernel will continue to receive and process periodic router advertisements.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?094c1a08

Plugin Details

Severity: Critical

ID: 92908

File Name: freebsd_pkg_72ee7111600711e6a6c314dae9d210b8.nasl

Version: 2.3

Type: local

Published: 8/12/2016

Updated: 1/4/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:freebsd, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Settings/ParanoidReport, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 8/11/2016

Vulnerability Publication Date: 10/21/2014

Reference Information

CVE: CVE-2014-3954

BID: 70694

FreeBSD: SA-14:20.rtsold