FreeBSD : Supervisord -- An authenticated client can run arbitrary shell commands via malicious XML-RPC requests (c9460380-81e3-11e7-93af-005056925db4)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

mnaberez reports :

supervisord can be configured to run an HTTP server on a TCP socket
and/or a Unix domain socket. The HTTP server is how supervisorctl
communicates with supervisord. If an HTTP server has been enabled, it
will always serve both HTML pages and an XML-RPC interface. A
vulnerability has been found where an authenticated client can send a
malicious XML-RPC request to supervisord that will run arbitrary shell
commands on the server. The commands will be run as the same user as
supervisord. Depending on how supervisord has been configured, this
may be root.

This vulnerability can only be exploited by an authenticated client or
if supervisord has been configured to run an HTTP server without
authentication. If authentication has not been enabled, supervisord
will log a message at the critical level every time it starts.

See also :

http://supervisord.org/changes.html
http://www.nessus.org/u?58123af6
http://www.nessus.org/u?ce723025

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 102508

CVE ID: CVE-2017-11610