NASLDB: FreeBSD : libotr -- buffer overflows (c651c898-e90d-11e1-b230-0024e830109b)
General
ID: 61589
Name: FreeBSD : libotr — buffer overflows (c651c898-e90d-11e1-b230-0024e830109b)
Summary: Checks for updated package in pkg_info output
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS Temporal Vector: –
Port: 0
Family: FreeBSD Local Security Checks
Type: Local
Description
OTR developers report:
The otrl_base64_otr_decode() function and similar functions within OTR
suffer from buffer overflows in the case of malformed input;
specifically if a message of the format of ‘?OTR:===.’ is received
then a zero-byte allocation is performed without a similar correlation
between the subsequent base64 decoding write, as such it becomes
possible to write between zero and three bytes incorrectly to the
heap, albeit only with a value of ‘=’.
Because this code path is highly utilized, specifically in the
reception of instant messages over pidgin or similar, this
vulnerability is considered severe even though in many platforms and
circumstances the bug would yield an unexploitable state and result
simply in denial of service.
The developers of OTR promptly fixed the errors and users of OTR are
advised to upgrade the software at the next release cycle.
Exploiting
Exploit Available: –
Exploitability Ease: –
Sources
CVE: CVE-2012-3461
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: 2012/07/27
Patch Release: 2012/08/18
Plugin Release: 2012/08/20
Plugin
Version: 1.2
Filename: freebsd_pkg_c651c898e90d11e1b2300024e830109b.nasl
Filesize: 4911 bytes
MD5 Hash: b6bfeb1a589ec5c2152de33b87bdafe2
Identification: Host/local_checks_enabled
Require Keys: "Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"
Dependencies: "ssh_get_info.nasl"
Copyright: This script is © 2012 Tenable Network Security, Inc.