FreeBSD : kstars -- exploitable set-user-ID application fliccd (0512b761-70fb-40d3-9954-aa4565528fa8)

This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

A KDE Security Advisory explains :

Overview : KStars includes support for the Instrument Neutral
Distributed Interface (INDI). The build system of this extra 3rd party
software contained an installation hook to install fliccd (part of
INDI) as SUID root application.

Erik Sjolund discovered that the code contains several
vulnerabilities that allow stack based buffer overflows.

Impact : If the fliccd binary is installed as suid root, it enables
root privilege escalation for local users, or, if the daemon is
actually running (which it does not by default) and is running as
root, remote root privilege escalation.

See also :

http://www.kde.org/info/security/advisory-20050215-1.txt
http://www.nessus.org/u?662e5346

Solution :

Update the affected package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 18826 (freebsd_pkg_0512b76170fb40d39954aa4565528fa8.nasl)

Bugtraq ID:

CVE ID: CVE-2005-0011
