Detections
Analytics
FreeBSD : Sane -- Multiple Vulnerabilities (28481349-7e20-4f80-ae1e-e6bf48d4f17c)
high Nessus Plugin ID 136955
Language:
Synopsis
The remote FreeBSD host is missing a security-related update.Description
The Sane Project reports :epson2: fixes CVE-2020-12867 (GHSL-2020-075) and several memory management issues found while addressing that CVE
epsonds: addresses out-of-bound memory access issues to fix CVE-2020-12862 (GHSL-2020-082) and CVE-2020-12863 (GHSL-2020-083), addresses a buffer overflow fixing CVE-2020-12865 (GHSL-2020-084) and disables network autodiscovery to mitigate CVE-2020-12866 (GHSL-2020-079), CVE-2020-12861 (GHSL-2020-080) and CVE-2020-12864 (GHSL-2020-081). Note that this backend does not support network scanners to begin with.
magicolor: fixes a floating point exception and uninitialized data read
fixes an overflow in sanei_tcp_read()
Solution
Update the affected package.See Also
Plugin Details
Severity: High
ID: 136955
File Name: freebsd_pkg_284813497e204f80ae1ee6bf48d4f17c.nasl
Version: 1.5
Type: local
Family: FreeBSD Local Security Checks
Published: 5/29/2020
Updated: 3/8/2024
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.9
Temporal Score: 6.2
Vector: CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2020-12861
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 7.9
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:freebsd:freebsd:sane-backends, cpe:/o:freebsd:freebsd
Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 5/28/2020
Vulnerability Publication Date: 5/17/2020
Reference Information
CVE: CVE-2020-12861, CVE-2020-12862, CVE-2020-12863, CVE-2020-12864, CVE-2020-12865, CVE-2020-12866, CVE-2020-12867