Family: FreeBSD Local Security Checks --> Category: infos
FreeBSD : SA-04:16.fetch Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the FreeBSD
Detailed Explanation for this Vulnerability Test
The remote host is running a version of FreeBSD which contains a flaw in the
'fetch' is a command-line tool used to retrieve data at a given URL. It is used
(among others) by the FreeBSD port collection.
There is an integer overflow condition in the processing of HTTP headers
which may result in a buffer overflow.
A possible hacker may exploit this flaw to execute arbitrary commands on the remote
host. To exploit this flaw, a possible hacker would need to lure a victim on the remote
host into downloading a URL from a malicious web server using this utility.
Solution : http://www.vuxml.org/freebsd/759b8dfe-3972-11d9-a9e7-0001020eed82.html
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.