FreeBSD : sudo -- Secure path vulnerability (d42e5b66-6ea0-11df-9c8d-00e0815b8da8)

This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Todd Miller reports :

Most versions of the C library function getenv() return the first
instance of an environment variable to the caller. However, some
programs, notably the GNU Bourne Again SHell (bash), do their own
environment parsing and may choose the last instance of a variable
rather than the first one.

An attacker may manipulate the environment of the process that
executes Sudo such that a second PATH variable is present. When Sudo
runs a bash script, it is this second PATH variable that is used by
bash, regardless of whether or not Sudo has overwritten the first
instance of PATH. This may allow an attacker to subvert the program
being run under Sudo and execute commands he/she would not otherwise
be allowed to run.
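
A program that sanitizes the environment before running a child can close the gap described above by keeping only the first instance of each variable name, so that a parser that prefers the last instance sees the same value that getenv() returns. The following is an added example, not code from Sudo or from this plugin; the function names `count_var` and `dedup_env` and the sample environment are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Length of the name part of a "NAME=value" entry. */
static size_t name_len(const char *entry)
{
    const char *eq = strchr(entry, '=');
    return eq ? (size_t)(eq - entry) : strlen(entry);
}

/* Count entries in a NULL-terminated envp whose name is exactly `name`. */
size_t count_var(char **envp, const char *name)
{
    size_t n = 0, len = strlen(name);
    for (; *envp; envp++)
        if (name_len(*envp) == len && strncmp(*envp, name, len) == 0)
            n++;
    return n;
}

/* Compact envp in place, keeping the first entry per name; returns entries dropped. */
size_t dedup_env(char **envp)
{
    size_t kept = 0, dropped = 0;
    for (size_t i = 0; envp[i]; i++) {
        size_t len = name_len(envp[i]);
        int dup = 0;
        for (size_t j = 0; j < kept && !dup; j++)
            dup = name_len(envp[j]) == len &&
                  strncmp(envp[j], envp[i], len) == 0;
        if (dup)
            dropped++;
        else
            envp[kept++] = envp[i];   /* kept <= i, so nothing unread is overwritten */
    }
    envp[kept] = NULL;
    return dropped;
}

int main(void)
{
    /* Constructed sample environment containing a second PATH entry. */
    char *env[] = { "PATH=/usr/bin:/bin", "HOME=/root",
                    "PATH=/tmp/untrusted", "TERM=xterm", NULL };
    printf("PATH entries before: %zu\n", count_var(env, "PATH"));
    printf("dropped: %zu\n", dedup_env(env));
    printf("PATH entries after: %zu, kept %s\n", count_var(env, "PATH"), env[0]);
    return 0;
}
```

The name comparison is exact, so a variable such as `PATHX` is not treated as a duplicate of `PATH`.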

See also :

http://sudo.ws/sudo/alerts/secure_path.html
http://www.nessus.org/u?42530b87

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 6.2
(CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 46792 (freebsd_pkg_d42e5b666ea011df9c8d00e0815b8da8.nasl)

Bugtraq ID:

CVE ID: CVE-2010-1646
