Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> FreeBSD Local Security Checks >> FreeBSD : SA-04:16.fetch


Vulnerability Assessment Details

FreeBSD : SA-04:16.fetch

Vulnerability Assessment Summary
Check for the version of the FreeBSD

Detailed Explanation for this Vulnerability Assessment

The remote host is running a version of FreeBSD which contains a flaw in the
'fetch' utility.

'fetch' is a command-line tool used to retrieve data at a given URL. It is used
(among others) by the FreeBSD port collection.

There is an integer overflow condition in the processing of HTTP headers
which may result in a buffer overflow.

A possible hacker may exploit this flaw to execute arbitrary commands on the remote
host. To exploit this flaw, a possible hacker would need to lure a victim on the remote
host into downloading a URL from a malicious web server using this utility.

Solution : http://www.vuxml.org/freebsd/759b8dfe-3972-11d9-a9e7-0001020eed82.html
Network Security Threat Level: High

Networks Security ID: 11702

Vulnerability Assessment Copyright: This script is Copyright (C) 2004 Tenable Network Security

Cables, Connectors

Cisco 2960G Series WS-C2960G-24TC-L 24-Port Gigabit Switch w/ Ears - QTY+
$40.85
Cisco 2960G Series WS-C2960G-24TC-L 24-Port Gigabit Switch w/ Ears - QTY+ pictureEnGenius EGS7252FP 48-Port Gigabit PoE+ L2 Managed Switch w/4 Dual-Speed SFP
$400.0
EnGenius EGS7252FP 48-Port Gigabit PoE+ L2 Managed Switch w/4 Dual-Speed SFP pictureIBM / CISCO NEXUS 4001I SWITCH MODULE FOR L 46C9270-NEW
$325.0
IBM / CISCO NEXUS 4001I SWITCH MODULE FOR L 46C9270-NEW pictureCISCO WS-C3750E-48TD-S 48-Port Gigabit L3 Switch w/ 2x CVR-X2-SFP 10G Module+
$139.65
CISCO WS-C3750E-48TD-S 48-Port Gigabit L3 Switch w/ 2x CVR-X2-SFP 10G Module+ picture


Discussions

No Discussions have been posted on this vulnerability.