Test ID:	1.3.6.1.4.1.25623.1.0.67716
Category:	FreeBSD Local Security Checks
Title:	FreeBSD Security Advisory (FreeBSD-SA-10:07.mbuf.asc)
Summary:	The remote host is missing an update to the system; as announced in the referenced advisory FreeBSD-SA-10:07.mbuf.asc
Description:	Summary: The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-10:07.mbuf.asc Vulnerability Insight: An mbuf is a basic unit of memory management in the FreeBSD kernel inter-process communication and networking subsystem. Network packets and socket buffers are dependent on mbufs for their storage. Data can be embedded directly in mbufs, or mbufs can instead reference external buffers. The sendfile(2) system call uses external mbuf storage to directly map the contents of a file into a chain of mbufs for transmission purposes. The mbuf object supports a read-only flag that must be honored to prevent modification or writes to buffer data in cases like these. The read-only flag is not correctly copied when a mbuf buffer reference is duplicated. When the sendfile(2) system call is used to transmit data over the loopback interface, this can result in the backing pages for the transmitted file being modified, causing data corruption. Solution: Upgrade your system to the appropriate stable release or security branch dated after the correction date. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2693 BugTraq ID: 41577 http://www.securityfocus.com/bid/41577 FreeBSD Security Advisory: FreeBSD-SA-10:07 http://security.freebsd.org/advisories/FreeBSD-SA-10:07.mbuf.asc http://www.securitytracker.com/id?1024182 http://secunia.com/advisories/40567 http://www.vupen.com/english/advisories/2010/1787
Copyright	Copyright (C) 2010 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.