FreeBSD : xterm -- DECRQSS remote command execution vulnerability (d5e1aac8-db0b-11dd-ae30-001cc0377035)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

SecurityFocus reports :

The xterm program is prone to a remote command-execution vulnerability
because it fails to sufficiently validate user input.

Successfully exploiting this issue would allow an attacker to execute
arbitrary commands on an affected computer in the context of the
affected application.

See also :

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030
http://www.nessus.org/u?459d91f0

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 35295 (freebsd_pkg_d5e1aac8db0b11ddae30001cc0377035.nasl)

Bugtraq ID: 33060

CVE ID: CVE-2008-2383
