This script is Copyright (C) 2011-2017 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
Matthias Hopf reports :
By crafting hostnames with shell escape characters, arbitrary commands
can be executed in a root environment when a display manager reads in
the resource database via xrdb.
These specially crafted hostnames can occur in two environments :
Systems are affected are: systems set their hostname via DHCP, and the
used DHCP client allows setting of hostnames with illegal characters.
And systems that allow remote logins via xdmcp.
See also :
Update the affected package.
Risk factor :
High / CVSS Base Score : 9.3