FreeBSD : mbed TLS (PolarSSL) -- remote code execution (c2f107e1-2493-11e8-b3e8-001cc0382b2f)
High Nessus Plugin ID 107283
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionSimon Butcher reports :
- When the truncated HMAC extension is enabled and CBC is used, sending a malicious application packet can be used to selectively corrupt 6 bytes on the peer's heap, potentially leading to a crash or remote code execution. This can be triggered remotely from either side in both TLS and DTLS.
- When RSASSA-PSS signature verification is enabled, sending a maliciously constructed certificate chain can be used to cause a buffer overflow on the peer's stack, potentially leading to crash or remote code execution. This can be triggered remotely from either side in both TLS and DTLS.
SolutionUpdate the affected packages.