FreeBSD : weechat -- Arbitrary shell command execution via scripts (81826d12-317a-11e2-9186-406186f3d89d)

high Nessus Plugin ID 62958

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Sebastien Helleu reports:

Untrusted command for function hook_process could lead to execution of commands, because of shell expansions.

Workaround with a non-patched version: remove/unload all scripts calling function hook_process (for maximum safety).

Solution

Update the affected packages.

See Also

https://weechat.org/doc/security/

https://savannah.nongnu.org/bugs/?37764

http://www.nessus.org/u?ce6e4f0e

Plugin Details

Severity: High

ID: 62958

File Name: freebsd_pkg_81826d12317a11e29186406186f3d89d.nasl

Version: 1.6

Type: local

Published: 11/19/2012

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:weechat, p-cpe:/a:freebsd:freebsd:weechat-devel, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 11/18/2012

Vulnerability Publication Date: 11/15/2012