Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> FreeBSD Local Security Checks >> FreeBSD : SA-04:16.fetch

Vulnerability Assessment Details

FreeBSD : SA-04:16.fetch

Vulnerability Assessment Summary
Check for the version of the FreeBSD

Detailed Explanation for this Vulnerability Assessment

The remote host is running a version of FreeBSD which contains a flaw in the
'fetch' utility.

'fetch' is a command-line tool used to retrieve data at a given URL. It is used
(among others) by the FreeBSD port collection.

There is an integer overflow condition in the processing of HTTP headers
which may result in a buffer overflow.

A possible hacker may exploit this flaw to execute arbitrary commands on the remote
host. To exploit this flaw, a possible hacker would need to lure a victim on the remote
host into downloading a URL from a malicious web server using this utility.

Solution :
Network Security Threat Level: High

Networks Security ID: 11702

Vulnerability Assessment Copyright: This script is Copyright (C) 2004 Tenable Network Security

Cables, Connectors

Cisco (CS-BOARD70S-M-K9) CISCO WEBEX BOARD 70S (MSRP) pictureCisco Systems SG110-16 Gigabit Switch Unused in original packaging.
Cisco Systems SG110-16 Gigabit Switch Unused in original packaging. pictureCisco C6800-16P10G-XL network switch module
Cisco C6800-16P10G-XL network switch module picture


No Discussions have been posted on this vulnerability.