FreeBSD : rssh -- format string vulnerability (1f826757-26be-11d9-ad2d-0050fc56d258)

This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

There is a format string bug in rssh that enables an attacker to
execute arbitrary code from an account configured to use rssh. On
FreeBSD it is only possible to compromise the rssh running account,
not root.

See also :

http://www.pizzashack.org/rssh/security.shtml
http://marc.info/?l=bugtraq&m=109855982425122
http://www.nessus.org/u?5d209df1

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 37369 (freebsd_pkg_1f82675726be11d9ad2d0050fc56d258.nasl)

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now