FreeBSD : FreeBSD -- rtsold(8) remote buffer overflow vulnerability (72ee7111-6007-11e6-a6c3-14dae9d210b8)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Due to a missing length check in the code that handles DNS parameters,
a malformed router advertisement message can result in a stack buffer
overflow in rtsold(8). Impact : Receipt of a router advertisement
message with a malformed DNSSL option, for instance from a compromised
host on the same network, can cause rtsold(8) to crash.

While it is theoretically possible to inject code into rtsold(8)
through malformed router advertisement messages, it is normally
compiled with stack protection enabled, rendering such an attack
extremely difficult.

When rtsold(8) crashes, the existing DNS configuration will remain in
force, and the kernel will continue to receive and process periodic
router advertisements.

See also :

http://www.nessus.org/u?afac90a7

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 92908 ()

Bugtraq ID: 70694

CVE ID: CVE-2014-3954

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now