Detections
Analytics

FreeBSD : unace -- multiple vulnerabilities (1d3a2737-7eb7-11d9-acf7-000854d03344)

medium Nessus Plugin ID 18860

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Ulf Harnhammar reports :

- There are buffer overflows when extracting, testing or listing specially prepared ACE archives.

- There are directory traversal bugs when extracting ACE archives.

- There are also buffer overflows when dealing with long (>17000 characters) command line arguments.

Secunia reports :

The vulnerabilities have been confirmed in version 1.2b. One of the buffer overflow vulnerabilities have also been reported in version 2.04, 2.2 and 2.5. Other versions may also be affected.

Successful exploitation may allow execution of arbitrary code.

Solution

Update the affected packages.

See Also

https://marc.info/?l=full-disclosure&m=110911451613135

http://www.nessus.org/u?e58488ce

Plugin Details

Severity: Medium

ID: 18860

File Name: freebsd_pkg_1d3a27377eb711d9acf7000854d03344.nasl

Version: 1.20

Type: local

Published: 7/13/2005

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 5.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:linux-unace, p-cpe:/a:freebsd:freebsd:unace, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2/22/2005

Vulnerability Publication Date: 2/14/2005

Reference Information

CVE: CVE-2005-0160, CVE-2005-0161

CERT: 215006

Secunia: 14359