FreeBSD : neon format string vulnerabilities (84237895-8f39-11d8-8b29-0020ed76ef5a)
Medium Nessus Plugin ID 36636
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionGreuff reports that the neon WebDAV client library contains several format string bugs within error reporting code. A malicious server may exploit these bugs by sending specially crafted PROPFIND or PROPPATCH responses.
Although several applications include neon, such as cadaver and subversion, the FreeBSD Ports of these applications are not impacted.
They are specifically configured to NOT use the included neon. Only packages listed as affected in this notice are believed to be impacted.
SolutionUpdate the affected packages.