FreeBSD : krfb -- Possible Denial of Service or code execution via integer overflow (be5421ab-1b56-11e4-a767-5453ed2e2b49)
High Nessus Plugin ID 76987
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionAlbert Aastals Cid reports :
krfb embeds libvncserver which embeds liblzo2, it contains various flaws that result in integer overflow problems.
This potentially allows a malicious application to create a possible denial of service or code execution. Due to the need to exploit precise details of the target architecture and threading it is unlikely that remote code execution can be achieved in practice.
SolutionUpdate the affected package.