Lucene search

K

FreeBSD : iperf3 -- buffer overflow (d6bbf2d8-2cfc-11e6-800b-080027468580)

FreeBSD iperf3 buffer overflow in control channel processing can lead to denial of service or remote code execution

Show more
Related
Refs
Code
ReporterTitlePublishedViews
Family
OSV
iperf3 vulnerability
15 Mar 202121:06
osv
OSV
iperf-3.1.3-1.3 on GA media
15 Jun 202400:00
osv
OSV
iperf3 - security update
27 Jan 202000:00
osv
OpenVAS
Fedora Update for iperf3 FEDORA-2016-45402a6f3b
19 Jun 201600:00
openvas
OpenVAS
Fedora Update for iperf3 FEDORA-2016-d67864115d
19 Jun 201600:00
openvas
OpenVAS
Debian: Security Advisory (DLA-2080-1)
28 Jan 202000:00
openvas
OpenVAS
Ubuntu: Security Advisory (USN-4788-1)
27 Jan 202300:00
openvas
OpenVAS
Fedora Update for iperf3 FEDORA-2016-9693e82a25
19 Jun 201600:00
openvas
OpenVAS
Mageia: Security Advisory (MGASA-2016-0235)
28 Jan 202200:00
openvas
Talos
ESnet iPerf3 JSON parse_string UTF Code Execution Vulnerability
8 Jun 201600:00
talos
Rows per page
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2018 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
#    copyright notice, this list of conditions and the following
#    disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
#    published online in any format, converted to PDF, PostScript,
#    RTF and other formats) must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer
#    in the documentation and/or other materials provided with the
#    distribution.
# 
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(91527);
  script_version("2.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2016-4303");

  script_name(english:"FreeBSD : iperf3 -- buffer overflow (d6bbf2d8-2cfc-11e6-800b-080027468580)");
  script_summary(english:"Checks for updated packages in pkg_info output");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote FreeBSD host is missing one or more security-related
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"ESnet reports :

A malicious process can connect to an iperf3 server and, by sending a
malformed message on the control channel, corrupt the server process's
heap area. This can lead to a crash (and a denial of service), or
theoretically a remote code execution as the user running the iperf3
server. A malicious iperf3 server could potentially mount a similar
attack on an iperf3 client."
  );
  # https://raw.githubusercontent.com/esnet/security/master/cve-2016-4303/esnet-secadv-2016-0001.txt.asc
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?7b116c0a"
  );
  # https://vuxml.freebsd.org/freebsd/d6bbf2d8-2cfc-11e6-800b-080027468580.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?20ec0ec8"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:iperf3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/06/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/09");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"FreeBSD Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");

  exit(0);
}


include("audit.inc");
include("freebsd_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (pkg_test(save_report:TRUE, pkg:"iperf3>=3.1<3.1.3")) flag++;
if (pkg_test(save_report:TRUE, pkg:"iperf3>=3.0<3.0.12")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
09 Jun 2016 00:00Current
0.3Low risk
Vulners AI Score0.3
CVSS39.8
EPSS0.025
26
.json
Report