FreeBSD : atheme-services -- multiple vulnerabilities (e47ab5db-c333-11e6-ae1b-002590263bf5)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Mitre reports :

modules/chanserv/flags.c in Atheme before 7.2.7 allows remote
attackers to modify the Anope FLAGS behavior by registering and
dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks.

Buffer overflow in the xmlrpc_char_encode function in
modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows
remote attackers to cause a denial of service via vectors related to
XMLRPC response encoding.

See also :

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209217
http://www.nessus.org/u?34af9c85
http://www.nessus.org/u?d6511750
http://www.nessus.org/u?6728f23c

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 95909

Bugtraq ID:

CVE ID: CVE-2014-9773
CVE-2016-4478
