FreeBSD : sudo -- arbitrary command execution (1b725079-9ef6-11da-b410-000e0c2e438a)

This script is Copyright (C) 2006-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Tavis Ormandy reports :

The bash shell uses the value of the PS4 environment variable (after
expansion) as a prefix for commands run in execution trace mode.
Execution trace mode (xtrace) is normally set via bash's -x command
line option or interactively by running 'set -o xtrace'. However, it
may also be enabled by placing the string 'xtrace' in the SHELLOPTS
environment variable before bash is started.

A malicious user with sudo access to a shell script that uses bash can
use this feature to run arbitrary commands for each line of the
script.

See also :

http://www.courtesan.com/sudo/alerts/bash_env.html
http://www.nessus.org/u?2bd6e836

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 4.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 21392 (freebsd_pkg_1b7250799ef611dab410000e0c2e438a.nasl)

Bugtraq ID: 15191

CVE ID: CVE-2005-2959

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now