FreeBSD : scponly -- local privilege escalation exploits (b5a49db7-72fc-11da-9827-021106004fd6)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Max Vozeler reports :

If ALL the following conditions are true, administrators using
scponly-4.1 or older may be at risk of a local privilege escalation
exploit :

- the chrooted setuid scponlyc binary is installed

- regular non-scponly users have interactive shell access to the box

- a user executable dynamically linked setuid binary (such as ping)
exists on the same file system mount as the user's home directory

- the operating system supports an LD_PRELOAD style mechanism to
overload dynamic library loading

Pekka Pessi also reports :

If ANY of the following conditions are true, administrators using
scponly-4.1 or older may be at risk of a local privilege escalation
exploit :

- scp compatibility is enabled

- rsync compatibility is enabled

See also :

https://lists.ccs.neu.edu/pipermail/scponly/2005-December/001027.html
http://sublimation.org/scponly/#relnotes
http://www.nessus.org/u?4a46da3f

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 21497 (freebsd_pkg_b5a49db772fc11da9827021106004fd6.nasl)

Bugtraq ID:

CVE ID:
