FreeBSD : spamdyke -- Buffer Overflow Vulnerabilities (7d2336c2-4607-11e1-9f47-00e0815b8da8)

High Nessus Plugin ID 57647


The remote FreeBSD host is missing a security-related update.


Secunia reports:

Fixed a number of very serious errors in the usage of snprintf()/vsnprintf().

The return value was being used as the length of the string printed into the buffer, but the return value really indicates the length of the string that *could* be printed if the buffer were of infinite size. Because the returned value could be larger than the buffer's size, this meant remotely exploitable buffer overflows were possible, depending on spamdyke's configuration.


Update the affected package.
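The snprintf()/vsnprintf() return-value misuse described in the quoted report, shown beside a bounded alternative. This is an added example, not spamdyke's code or the plugin's check; the function names `naive_len` and `append_fmt`, the header text and the sample value are constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Flawed pattern from the advisory text: the return value of snprintf() is
 * taken as the number of bytes now in buf. Only the value is returned here so
 * it can be compared; nothing is indexed with it. */
static size_t naive_len(char *buf, size_t size, const char *value)
{
    int n = snprintf(buf, size, "Received: %s", value);
    return n < 0 ? 0 : (size_t)n;        /* can be larger than size - 1 */
}

/* Bounded append: formats at buf + used and returns the number of bytes really
 * stored in buf (NUL excluded). *truncated is sticky: it is set on truncation
 * or error and never cleared here, so the caller initialises it to 0. */
static size_t append_fmt(char *buf, size_t size, size_t used,
                         int *truncated, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (size == 0) { *truncated = 1; return 0; }
    if (used >= size - 1) { *truncated = 1; return size - 1; } /* no room: size - used is never formed */
    va_start(ap, fmt);
    n = vsnprintf(buf + used, size - used, fmt, ap);
    va_end(ap);
    if (n < 0) { buf[used] = '\0'; *truncated = 1; return used; }
    if ((size_t)n >= size - used) { *truncated = 1; return size - 1; }
    return used + (size_t)n;
}

int main(void)
{
    char buf[16];
    const char *value = "mail.example.invalid (constructed sample input)";
    int truncated = 0;
    size_t naive = naive_len(buf, sizeof buf, value);
    size_t used = append_fmt(buf, sizeof buf, 0, &truncated, "Received: %s", value);
    used = append_fmt(buf, sizeof buf, used, &truncated, "%s", "\r\n");
    printf("naive=%zu stored=%zu strlen=%zu truncated=%d\n",
           naive, used, strlen(buf), truncated);
    return 0;
}
```

With the flawed pattern, a later `buf + len` or `size - len` computed from the inflated value points past the buffer or wraps around as an unsigned subtraction, which is the overflow condition the report describes.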

Plugin Details

Severity: High

ID: 57647

File Name: freebsd_pkg_7d2336c2460711e19f4700e0815b8da8.nasl

Version: $Revision: 1.3 $

Type: local

Published: 2012/01/24

Modified: 2013/06/22

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:spamdyke, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2012/01/23

Vulnerability Publication Date: 2012/01/15

Reference Information

CVE: CVE-2012-0802

Secunia: 47548