This script is Copyright (C) 2006-2016 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
Tavis Ormandy reports :
The bash shell uses the value of the PS4 environment variable (after
expansion) as a prefix for commands run in execution trace mode.
Execution trace mode (xtrace) is normally set via bash's -x command
line option or interactively by running 'set -o xtrace'. However, it
may also be enabled by placing the string 'xtrace' in the SHELLOPTS
environment variable before bash is started.
A malicious user with sudo access to a shell script that uses bash can
use this feature to run arbitrary commands for each line of the
See also :
Update the affected package.
Risk factor :
Medium / CVSS Base Score : 4.6
CVSS Temporal Score : 4.0
Public Exploit Available : true