FreeBSD : bsh -- remote code execution vulnerability (9e5bbffc-d8ac-11e5-b2bd-002590263bf5)

high Nessus Plugin ID 88877

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Stian Soiland-Reyes reports:

This release fixes a remote code execution vulnerability that was identified in BeanShell by Alvaro Munoz and Christian Schneider. The BeanShell team would like to thank them for their help and contributions to this fix!

An application that includes BeanShell on the classpath may be vulnerable if another part of the application uses Java serialization or XStream to deserialize data from an untrusted source.

A vulnerable application could be exploited for remote code execution, including executing arbitrary shell commands.

This update fixes the vulnerability in BeanShell, but it is worth noting that applications doing such deserialization might still be insecure through other libraries. It is recommended that application developers take further measures such as using a restricted class loader when deserializing. See notes on Java serialization security, XStream security, and How to secure deserialization from untrusted input without using encryption or sealing.

Solution

Update the affected package.

See Also

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207334

https://github.com/beanshell/beanshell/releases/tag/2.0b6

http://www.nessus.org/u?24a28ce2

Plugin Details

Severity: High

ID: 88877

File Name: freebsd_pkg_9e5bbffcd8ac11e5b2bd002590263bf5.nasl

Version: 2.6

Type: local

Published: 2/22/2016

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:bsh, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2/21/2016

Vulnerability Publication Date: 2/18/2016

Reference Information

CVE: CVE-2016-2510