FreeBSD : SA-04:16.fetch
Critical Nessus Plugin ID 15761
SynopsisThe remote device is missing a vendor-supplied security patch
DescriptionThe remote host is running a version of FreeBSD which contains a flaw in the 'fetch' utility.
'fetch' is a command-line tool used to retrieve data at a given URL. It is used (among others) by the FreeBSD port collection.
There is an integer overflow condition in the processing of HTTP headers which may result in a buffer overflow.
An attacker may exploit this flaw to execute arbitrary commands on the remote host. To exploit this flaw, an attacker would need to lure a victim on the remote host into downloading a URL from a malicious web server using this utility.