FreeBSD : motion -- Denial of Service (94ffc0d9-1915-11eb-b809-b42e991fc52e)

high Nessus Plugin ID 142035

Language:

New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

cxsecurity.com reports :

A Denial of Service condition in Motion-Project Motion 3.2 through 4.3.1 allows remote unauthenticated users to cause a webu.c segmentation fault and kill the main process via a crafted HTTP request

Solution

Update the affected package.

See Also

https://cve-search.iicrai.org/cve/CVE-2020-26566

http://www.nessus.org/u?6a9665f0

Plugin Details

Severity: High

ID: 142035

File Name: freebsd_pkg_94ffc0d9191511ebb809b42e991fc52e.nasl

Version: 1.1

Type: local

Published: 10/29/2020

Updated: 10/29/2020

Dependencies: ssh_get_info.nasl

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:motion, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 10/28/2020

Vulnerability Publication Date: 10/5/2020