FreeBSD : golddig -- local buffer overflow vulnerabilities (949c470e-528f-11d9-ac20-00065be4b5b6)

medium Nessus Plugin ID 19035

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Two buffer overflow vulnerabilities were detected. Both issues can be used by local users to gain the privileges of the games group on affected systems.

The first overflow exists in the map name handling and can be triggered when a very long name is given to the program during command-line execution.

The second overflow exists in the username processing while writing the player's score to disk. Excessively long usernames, set via the USER environment variable, are stored in a memory buffer without any length checks.

Solution

Update the affected package.

See Also

https://docs.freebsd.org/cgi/mid.cgi?200412021055.iB2AtweU067125

http://www.nessus.org/u?30b9551d

Plugin Details

Severity: Medium

ID: 19035

File Name: freebsd_pkg_949c470e528f11d9ac2000065be4b5b6.nasl

Version: 1.14

Type: local

Published: 7/13/2005

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:golddig, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 1/3/2005

Vulnerability Publication Date: 11/11/2004

Reference Information

CVE: CVE-2005-0121