FreeBSD : amaya -- multiple buffer overflow vulnerabilities (a89b76a7-f6bd-11dd-94d9-0030843d3802)

critical Nessus Plugin ID 56495

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Secunia reports:

A boundary error when processing 'div' HTML tags can be exploited to cause a stack-based buffer overflow via an overly long 'id' parameter.

A boundary error exists when processing overly long links. This can be exploited to cause a stack-based buffer overflow by tricking the user into e.g. editing a malicious link.

A boundary error when processing e.g. a 'bdo' HTML tag having an overly long 'dir' attribute can be exploited to cause a stack-based buffer overflow.

A boundary error when processing 'input' HTML tags can be exploited to cause a stack-based buffer overflow via an overly long e.g. 'type' attribute.

Solution

Update the affected package.

See Also

http://www.bmgsec.com.au/advisory/41/

http://www.bmgsec.com.au/advisory/40/

http://www.coresecurity.com/content/amaya-buffer-overflows

http://www.nessus.org/u?d32cc0dc

Plugin Details

Severity: Critical

ID: 56495

File Name: freebsd_pkg_a89b76a7f6bd11dd94d90030843d3802.nasl

Version: 1.10

Type: local

Published: 10/14/2011

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:amaya, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/9/2009

Vulnerability Publication Date: 11/25/2008

Exploitable With

Core Impact

Metasploit (Amaya Browser v11.0 "bdo" Tag Overflow)

Reference Information

CVE: CVE-2008-5282, CVE-2009-0323

CWE: 119

Secunia: 32848