FreeBSD : plib -- remote code execution via buffer overflow (ba51c2f7-5b43-11e1-8288-00262d5ed8ee)

high Nessus Plugin ID 58021

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Secunia reports :

A vulnerability has been discovered in PLIB, which can be exploited by malicious people to compromise an application using the library.

The vulnerability is caused due to a boundary error within the 'ulSetError()' function (src/util/ulError.cxx) when creating the error message, which can be exploited to overflow a static buffer.

Successful exploitation allows the execution of arbitrary code but requires that the attacker can e.g. control the content of an overly long error message passed to the 'ulSetError()' function.

The vulnerability is confirmed in version 1.8.5. Other versions may also be affected.

Solution

Update the affected packages.

See Also

http://torcs.sourceforge.net/index.php?name=News&file=article&sid=79

http://www.nessus.org/u?0a1d7475

Plugin Details

Severity: High

ID: 58021

File Name: freebsd_pkg_ba51c2f75b4311e1828800262d5ed8ee.nasl

Version: 1.5

Type: local

Published: 2/20/2012

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:plib, p-cpe:/a:freebsd:freebsd:torcs, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2/19/2012

Vulnerability Publication Date: 12/21/2011

Reference Information

CVE: CVE-2011-4620

Secunia: 47297