FreeBSD : libpng stack-based buffer overflow and other code concerns (f9e3e60b-e650-11d8-9b0a-000347a4fa7d)

critical Nessus Plugin ID 36897

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Chris Evans has discovered multiple vulnerabilities in libpng, which can be exploited by malicious people to compromise a vulnerable system or cause a DoS (Denial of Service).

Solution

Update the affected packages.

See Also

https://www.securityfocus.com/archive/1/370853

http://scary.beasts.org/security/CESA-2004-001.txt

https://bugzilla.mozilla.org/show_bug.cgi?id=251381

http://www.nessus.org/u?0481eb4e

http://dl.sourceforge.net/sourceforge/libpng/ADVISORY.txt

http://www.nessus.org/u?5ace326c

Plugin Details

Severity: Critical

ID: 36897

File Name: freebsd_pkg_f9e3e60be65011d89b0a000347a4fa7d.nasl

Version: 1.17

Type: local

Published: 4/23/2009

Updated: 1/6/2021

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:de-netscape7, p-cpe:/a:freebsd:freebsd:firefox, p-cpe:/a:freebsd:freebsd:fr-netscape7, p-cpe:/a:freebsd:freebsd:ja-netscape-communicator-linux, p-cpe:/a:freebsd:freebsd:ja-netscape-navigator-linux, p-cpe:/a:freebsd:freebsd:ja-netscape7, p-cpe:/a:freebsd:freebsd:ko-netscape-communicator-linux, p-cpe:/a:freebsd:freebsd:ko-netscape-navigator-linux, p-cpe:/a:freebsd:freebsd:linux-mozilla, p-cpe:/a:freebsd:freebsd:linux-mozilla-devel, p-cpe:/a:freebsd:freebsd:linux-netscape-communicator, p-cpe:/a:freebsd:freebsd:linux-netscape-navigator, p-cpe:/a:freebsd:freebsd:linux-png, p-cpe:/a:freebsd:freebsd:mozilla, p-cpe:/a:freebsd:freebsd:mozilla-gtk1, p-cpe:/a:freebsd:freebsd:netscape-communicator, p-cpe:/a:freebsd:freebsd:netscape-navigator, p-cpe:/a:freebsd:freebsd:netscape7, p-cpe:/a:freebsd:freebsd:png, p-cpe:/a:freebsd:freebsd:pt_BR-netscape7, p-cpe:/a:freebsd:freebsd:thunderbird, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/4/2004

Vulnerability Publication Date: 8/4/2004

Reference Information

CVE: CVE-2004-0597, CVE-2004-0598, CVE-2004-0599