FreeBSD : FreeBSD -- Multiple vulnerabilities in bzip2 (3c7edc7a-f680-11e9-a87f-a4badb2f4699)

high Nessus Plugin ID 130240

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The decompressor used in bzip2 contains a bug which can lead to an out-of-bounds write when processing a specially crafted bzip2(1) file.

bzip2recover contains a heap use-after-free bug which can be triggered when processing a specially crafted bzip2(1) file. Impact : An attacker who can cause maliciously crafted input to be processed may trigger either of these bugs. The bzip2recover bug may cause a crash, permitting a denial-of-service. The bzip2 decompressor bug could potentially be exploited to execute arbitrary code.

Note that some utilities, including the tar(1) archiver and the bspatch(1) binary patching utility (used in portsnap(8) and freebsd-update(8)) decompress bzip2(1)-compressed data internally;
system administrators should assume that their systems will at some point decompress bzip2(1)-compressed data even if they never explicitly invoke the bunzip2(1) utility.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?34325a56

Plugin Details

Severity: High

ID: 130240

File Name: freebsd_pkg_3c7edc7af68011e9a87fa4badb2f4699.nasl

Version: 1.3

Type: local

Published: 10/25/2019

Updated: 12/18/2019

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:freebsd, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info, Settings/ParanoidReport

Exploit Ease: No known exploits are available

Patch Publication Date: 10/24/2019

Vulnerability Publication Date: 8/6/2019

Reference Information

CVE: CVE-2016-3189, CVE-2019-1290

FreeBSD: SA-19:18.bzip2