FreeBSD : libotr -- buffer overflows (c651c898-e90d-11e1-b230-0024e830109b)

medium Nessus Plugin ID 61589

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

OTR developers report:

The otrl_base64_otr_decode() function and similar functions within OTR suffer from buffer overflows in the case of malformed input; specifically if a message of the format of '?OTR:===.' is received then a zero-byte allocation is performed without a similar correlation between the subsequent base64 decoding write, as such it becomes possible to write between zero and three bytes incorrectly to the heap, albeit only with a value of '='.

Because this code path is highly utilized, specifically in the reception of instant messages over pidgin or similar, this vulnerability is considered severe even though in many platforms and circumstances the bug would yield an unexploitable state and result simply in denial of service.

The developers of OTR promptly fixed the errors and users of OTR are advised to upgrade the software at the next release cycle.
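
The sizing mismatch described in the report, as an added C example (not libotr's code and not part of the original advisory). All function names here are hypothetical; floor_decoded_size is an assumed model of a size calculation that yields the zero-byte allocation for a three-character payload, shown beside a round-up calculation and a decoder that checks every write against the buffer capacity.

```c
#include <stddef.h>
#include <string.h>

/* Rounds down: a 3-character payload such as "===" yields 0 bytes. */
size_t floor_decoded_size(size_t b64len) { return (b64len / 4) * 3; }
/* Rounds up to whole 4-character groups, so it is never 0 for len > 0. */
size_t max_decoded_size(size_t b64len) { return ((b64len + 3) / 4) * 3; }

/* Locate the base64 payload between "?OTR:" and the terminating '.'.
 * Returns 0 and sets *payload and *len, or -1 if the framing is absent. */
int otr_payload(const char *msg, const char **payload, size_t *len)
{
    const char *tag = strstr(msg, "?OTR:");
    const char *end = tag ? strchr(tag, '.') : NULL;
    if (!tag || !end) return -1;
    *payload = tag + 5;
    *len = (size_t)(end - *payload);
    return 0;
}

static int b64val(char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+' || c == '/') return c == '+' ? 62 : 63;
    return -1;
}

/* Strict decoder: rejects input that is not whole 4-character groups or has
 * padding anywhere but the end, and never writes at or beyond out[cap].
 * Returns the number of bytes written, or -1 on any rejection. */
long strict_b64_decode(unsigned char *out, size_t cap, const char *in, size_t len)
{
    size_t o = 0;
    if (len % 4 != 0) return -1;
    for (size_t i = 0; i < len; i += 4) {
        int pad = (in[i + 3] == '=') + (in[i + 3] == '=' && in[i + 2] == '=');
        int v[4] = { b64val(in[i]), b64val(in[i + 1]),
                     pad == 2 ? 0 : b64val(in[i + 2]), pad ? 0 : b64val(in[i + 3]) };
        if (v[0] < 0 || v[1] < 0 || v[2] < 0 || v[3] < 0) return -1;
        if (pad && i + 4 != len) return -1;
        unsigned long w = (unsigned long)(v[0] << 18 | v[1] << 12 | v[2] << 6 | v[3]);
        for (int k = 0; k < 3 - pad; k++) {
            if (o >= cap) return -1;
            out[o++] = (unsigned char)(w >> (16 - 8 * k));
        }
    }
    return (long)o;
}
```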

Solution

Update the affected package.

See Also

https://lists.cypherpunks.ca/pipermail/otr-dev/2012-July/001347.html

http://www.nessus.org/u?0f20b7b0

Plugin Details

Severity: Medium

ID: 61589

File Name: freebsd_pkg_c651c898e90d11e1b2300024e830109b.nasl

Version: 1.7

Type: local

Published: 8/20/2012

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:libotr, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 8/18/2012

Vulnerability Publication Date: 7/27/2012

Reference Information

CVE: CVE-2012-3461