FreeBSD : rssh -- format string vulnerability (1f826757-26be-11d9-ad2d-0050fc56d258)

high Nessus Plugin ID 37369

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

There is a format string bug in rssh that enables an attacker to execute arbitrary code from an account configured to use rssh. On FreeBSD, it is only possible to compromise the account running rssh, not root.

Solution

Update the affected package.

See Also

http://www.pizzashack.org/rssh/security.shtml

https://marc.info/?l=bugtraq&m=109855982425122

http://www.nessus.org/u?040f9f62

Plugin Details

Severity: High

ID: 37369

File Name: freebsd_pkg_1f82675726be11d9ad2d0050fc56d258.nasl

Version: 1.12

Type: local

Published: 4/23/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:rssh, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 10/25/2004

Vulnerability Publication Date: 10/23/2004