FreeBSD : curl -- TFTP packet buffer overflow vulnerability (b8e361b8-b7ff-11da-8414-0013d4a4a40e)
High Nessus Plugin ID 21501
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionA Project cURL Security Advisory reports :
libcurl uses the given file part of a TFTP URL in a manner that allows a malicious user to overflow a heap-based memory buffer due to the lack of boundary check.
This overflow happens if you pass in a URL with a TFTP protocol prefix ('tftp://'), using a valid host and a path part that is longer than 512 bytes.
The affected flaw can be triggered by a redirect, if curl/libcurl is told to follow redirects and an HTTP server points the client to a tftp URL with the characteristics described above.
SolutionUpdate the affected packages.