FreeBSD : mDNSResponder -- corrupted stack crash when parsing bad resolv.conf (1cd87e2a-81e3-11df-81d8-00262d5ed8ee)

High Nessus Plugin ID 47142


The remote FreeBSD host is missing a security-related update.


Juli Mallett reports :

mdnsd will crash on some systems with a corrupt stack and once that's fixed it will still leak a file descriptor when parsing resolv.conf.
The crash is because scanf is used with %10s for a buffer that is only 10 chars long. The buffer size needs increased to 11 chars to hold the trailing NUL. To fix the leak, an fclose needs added.


Update the affected package.

See Also

Plugin Details

Severity: High

ID: 47142

File Name: freebsd_pkg_1cd87e2a81e311df81d800262d5ed8ee.nasl

Version: $Revision: 1.7 $

Type: local

Published: 2010/06/28

Modified: 2015/10/27

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:mDNSResponder, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2010/06/27

Vulnerability Publication Date: 2010/05/26