FreeBSD : FreeBSD -- Buffer overflow in stdio (74ded00e-6007-11e6-a6c3-14dae9d210b8)

Medium Nessus Plugin ID 92914


The remote FreeBSD host is missing a security-related update.


A programming error in the standard I/O library's __sflush() function could erroneously adjust the buffered stream's internal state even when no write actually occurred, in the case where the write(2) system call returns an error.

Impact: The accounting mismatch would accumulate if the caller does not check the stream status, and will eventually lead to a heap buffer overflow.

Such overflows may lead to data corruption or the execution of arbitrary code at the privilege level of the calling program.


Update the affected package.

Plugin Details

Severity: Medium

ID: 92914

File Name: freebsd_pkg_74ded00e600711e6a6c314dae9d210b8.nasl

Version: $Revision: 2.1 $

Type: local

Published: 2016/08/12

Modified: 2016/08/12

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.9

Temporal Score: 6

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:FreeBSD, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info, Settings/ParanoidReport

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2016/08/11

Vulnerability Publication Date: 2014/12/10

Reference Information

CVE: CVE-2014-8611

BID: 71621

FreeBSD: SA-14:27.stdio