FreeBSD : konversation -- shell script command injection (5c7bb4dd-6a56-11d9-97ec-000c6e8f12ef)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Konversation comes with Perl scripts that do not properly escape shell
characters on executing a script. This makes it possible to attack
Konversation with shell script command injection.

See also :

http://marc.info/?l=full-disclosure&m=110616016509114
http://www.nessus.org/u?16165742

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 18948 (freebsd_pkg_5c7bb4dd6a5611d997ec000c6e8f12ef.nasl)

Bugtraq ID:

CVE ID: CVE-2005-0129
CVE-2005-0130
CVE-2005-0131

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now