FreeBSD : bro -- integer overflow allows remote DOS (044cff62-ed8b-4e72-b102-18a7d58a669f)

High Nessus Plugin ID 106879

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Philippe Antoine of Catena cyber :

This is a security release that fixes an integer overflow in code generated by binpac. This issue can be used by remote attackers to crash Bro (i.e. a DoS attack). There also is a possibility this can be exploited in other ways. (CVE pending.)

Solution

Update the affected package.

See Also

http://blog.bro.org/2018/02/bro-253-released-security-update.html

http://www.nessus.org/u?1a70ce26

Plugin Details

Severity: High

ID: 106879

File Name: freebsd_pkg_044cff62ed8b4e72b10218a7d58a669f.nasl

Version: 3.2

Type: local

Published: 2018/02/20

Modified: 2018/11/10

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:bro, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2018/02/16

Vulnerability Publication Date: 2018/02/14