FreeBSD : kpopup -- local root exploit and local denial of service (1613db79-8e52-11da-8426-000fea0a9611)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Mitre CVE reports :

Format string vulnerability in main.cpp in kpopup 0.9.1-0.9.5pre2
allows local users to cause a denial of service (segmentation fault)
and possibly execute arbitrary code via format string specifiers in
command line arguments.

misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing
killall, which allows local users to elevate their privileges by
modifying the PATH variable to reference a malicious killall program.

SecurityFocus credits 'b0f' [email protected]

See also :

http://www.securityfocus.com/archive/1/342736
http://www.henschelsoft.de/kpopup_en.html
http://www.nessus.org/u?b69899ea

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.5
(CVSS2#E:F/RL:W/RC:ND)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 21390 (freebsd_pkg_1613db798e5211da8426000fea0a9611.nasl)

Bugtraq ID: 8915, 8918

CVE ID: CVE-2003-1167, CVE-2003-1170
