FreeBSD : bogofilter -- heap corruption through excessively long words (b747b2a9-7be0-11da-8ec4-0002b3b60e4c)

High Nessus Plugin ID 21500


The remote FreeBSD host is missing a security-related update.


Matthias Andree reports :

Bogofilter's/bogolexer's input handling in version 0.96.2 was not keeping track of its output buffers properly and could overrun a heap buffer if the input contained words whose length exceeded 16,384 bytes, the size of flex's input buffer. A 'word' here refers to a contiguous run of input octets that was not '_' and did not match at least one of ispunct(), iscntrl() or isspace().


Update the affected package.

See Also

Plugin Details

Severity: High

ID: 21500

File Name: freebsd_pkg_b747b2a97be011da8ec40002b3b60e4c.nasl

Version: $Revision: 1.8 $

Type: local

Published: 2006/05/13

Modified: 2013/06/22

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:bogofilter, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2006/01/07

Vulnerability Publication Date: 2005/10/23

Reference Information

CVE: CVE-2005-4592