FreeBSD : id Tech 3 -- remote code execution vulnerability (e48355d7-1548-11e7-8611-0090f5f2f347)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The content auto-download of id Tech 3 can be used to deliver
maliciously crafted content, that triggers downloading of further
content and loading and executing it as native code with user
credentials. This affects ioquake3, ioUrbanTerror, OpenArena, the
original Quake 3 Arena and other forks.

See also :

http://www.nessus.org/u?98432f98
http://www.nessus.org/u?6a411825

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 99259 ()

Bugtraq ID:

CVE ID: CVE-2017-6903

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now