FreeBSD : greed -- insecure GRX file processing (bd579366-5290-11d9-ac20-00065be4b5b6)
Critical Nessus Plugin ID 19102
Synopsis
The remote FreeBSD host is missing a security-related update.

Description
A buffer overflow vulnerability has been detected in the greed URL handling code. This bug can especially be a problem when greed is used to process GRX (GetRight) files that originate from untrusted sources.
The bug finder, Manigandan Radhakrishnan, gave the following description:
Here are the bugs. First, in main.c, DownloadLoop() uses strcat() to copy an input filename to the end of a 128-byte COMMAND array. Second, DownloadLoop() passes the input filename to system() without checking for special characters such as semicolons.
Solution
Update the affected package.
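The two defects described above (an unbounded strcat() into a 128-byte COMMAND array, and a filename passed to system() without filtering shell metacharacters) share one root cause: the program builds a shell command string from untrusted input. The following C example is added here as an illustration and is not greed's code; the tool name, the "-o" option and the 128-byte COMMAND_SIZE mirror the advisory's description but are assumptions. It shows the two defensive measures a fix would take: bounded formatting that fails instead of overflowing, and running the helper through execlp() with an argv instead of through a shell, after rejecting filenames with shell-significant characters.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Same size as the COMMAND array named in the advisory (assumption). */
#define COMMAND_SIZE 128

/* Bounded replacement for the strcat() pattern: snprintf() reports the
 * length the full string would need, so a filename that does not fit is
 * rejected instead of silently truncated or written past the buffer. */
int build_command_bounded(char *command, size_t size, const char *filename)
{
    int n = snprintf(command, size, "fetch -o %s", filename);
    if (n < 0 || (size_t)n >= size)
        return -1;               /* would not fit in `size` bytes */
    return 0;
}

/* Convenience wrapper around a local 128-byte buffer; returns 1 when the
 * command line for `filename` fits, 0 otherwise. */
int download_command_ok(const char *filename)
{
    char command[COMMAND_SIZE];
    return build_command_bounded(command, sizeof command, filename) == 0;
}

/* Allow-list check: reject empty names, control characters and anything a
 * shell would interpret (';', '|', '&', backticks, '$', redirections,
 * globs, quotes, whitespace). Used even though no shell is involved below,
 * so the same name is safe if it is ever logged or reused elsewhere. */
int filename_is_safe(const char *filename)
{
    const unsigned char *p;
    if (filename == NULL || *filename == '\0')
        return 0;
    for (p = (const unsigned char *)filename; *p; p++) {
        if (*p < 0x20 || *p == 0x7f)
            return 0;
        if (strchr(";|&`$<>(){}[]*?!'\"\\ \t\n", *p) != NULL)
            return 0;
    }
    return 1;
}

/* Run the download helper without a shell. Each argument is passed as its
 * own argv element, so a ';' in the filename could never start a second
 * command; the check above rejects such names anyway.
 * Returns the child's exit status, or -1 on refusal or fork/wait failure. */
int run_download(const char *tool, const char *filename, const char *url)
{
    pid_t pid;
    int status;

    if (!filename_is_safe(filename) || !download_command_ok(filename))
        return -1;

    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execlp(tool, tool, "-o", filename, url, (char *)NULL);
        _exit(127);             /* execlp only returns on failure */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample inputs, not taken from any real GRX file. */
    printf("plain name fits: %d\n", download_command_ok("file.iso"));
    printf("name with ';' accepted: %d\n", filename_is_safe("file;touch x"));
    /* "true" stands in for the real download tool. */
    printf("exit status: %d\n",
           run_download("true", "file.iso", "http://example.invalid/file.iso"));
    return 0;
}
```

The point of the wrapper is that the length check and the metacharacter check are applied before anything is executed, and that the helper is started with execlp() so the filename is only ever data in argv, never part of a command line a shell parses.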