FreeBSD : cURL -- multiple vulnerabilities (765feb7d-a0d1-11e6-a881-b499baebfeaf)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The cURL project reports:

- cookie injection for other servers

- case insensitive password comparison

- OOB write via unchecked multiplication

- double-free in curl_maprintf

- double-free in krb5 code

- glob parser write/read out of bounds

- curl_getdate read out of bounds

- URL unescape heap overflow via integer truncation

- Use-after-free via shared cookies

- invalid URL parsing with '#'

- IDNA 2003 makes curl use wrong host

See also :

https://curl.haxx.se/docs/security.html
http://www.nessus.org/u?e709494c

Solution :

Update the affected package.

Risk factor :

High
