FreeBSD : kauth: Local privilege escalation (0baee383-356c-11e7-b9a9-50e549ebab6c)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Albert Astals Cid reports :

KAuth contains a logic flaw in which the service invoking dbus is not
properly checked. This allows spoofing the identity of the caller and
with some carefully crafted calls can lead to gaining root from an
unprivileged account.

See also :

http://www.openwall.com/lists/oss-security/2017/05/10/3
https://www.kde.org/info/security/advisory-20170510-1.txt
http://www.nessus.org/u?daf4456a

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 100113

Bugtraq ID:

CVE ID: CVE-2017-8422
