FreeBSD : krfb -- Possible Denial of Service or code execution via integer overflow (be5421ab-1b56-11e4-a767-5453ed2e2b49)

High Nessus Plugin ID 76987


The remote FreeBSD host is missing a security-related update.


Albert Aastals Cid reports :

krfb embeds libvncserver which embeds liblzo2, it contains various flaws that result in integer overflow problems.

This potentially allows a malicious application to create a possible denial of service or code execution. Due to the need to exploit precise details of the target architecture and threading it is unlikely that remote code execution can be achieved in practice.


Update the affected package.

See Also

Plugin Details

Severity: High

ID: 76987

File Name: freebsd_pkg_be5421ab1b5611e4a7675453ed2e2b49.nasl

Version: $Revision: 1.1 $

Type: local

Published: 2014/08/04

Modified: 2014/08/04

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:krfb, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2014/08/03

Vulnerability Publication Date: 2014/08/03

Reference Information

CVE: CVE-2014-4607