FreeBSD : gld -- format string and buffer overflow vulnerabilities (6c2d4f29-af3e-11d9-837d-000e0c2e438a)
Critical Nessus Plugin ID 18974
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionGld has been found vulnerable to multiple buffer overflows as well as multiple format string vulnerabilities.
An attacker could exploit this vulnerability to execute arbitrary code with the permissions of the user running Gld, the default user being root.
The FreeBSD port defaults to running gld as the root user. The risk of exploitation can be minimized by making gld listen on the loopback address only, or configure it to only accept connections from trusted smtp servers.
SolutionUpdate the affected package.