FreeBSD : sudo -- privilege escalation with bash scripts (bdd1537b-354c-11d9-a9e7-0001020eed82)

high Nessus Plugin ID 36239

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

A Sudo Security Alert reports:

A flaw exists in sudo's environment sanitizing prior to sudo version 1.6.8p2 that could allow a malicious user with permission to run a shell script that utilized the bash shell to run arbitrary commands.

Solution

Update the affected package.

See Also

https://www.sudo.ws/sudo/alerts/bash_functions.html

http://www.nessus.org/u?60e0daa6

Plugin Details

Severity: High

ID: 36239

File Name: freebsd_pkg_bdd1537b354c11d9a9e70001020eed82.nasl

Version: 1.12

Type: local

Published: 4/23/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:sudo, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 11/13/2004

Vulnerability Publication Date: 11/11/2004