FreeBSD : p5-UI-Dialog -- shell command execution vulnerability (00dadbf0-6f61-11e5-a2a1-002590263bf5)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Matthijs Kooijman reports :

It seems that the whiptail, cdialog and kdialog backends apply some
improper escaping in their shell commands, causing special characters
present in menu item titles to be interpreted by the shell. This
includes the backtick evaluation operator, so this constitutes a
security issue, allowing execution of arbitrary commands if an
attacker has control over the text displayed in a menu.
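
The quoting failure described in the report above, shown as an added Python example (not code from UI::Dialog or from this plugin). It assumes `printf` as a stand-in for the dialog backend and uses a constructed menu title. It compares a double-quoted shell string with two safer ways of passing the same title.

```python
import shlex
import subprocess

# Stand-in for a dialog backend (assumption: the real backends are
# whiptail, cdialog and kdialog; printf just echoes back what it received).
BACKEND = "printf '%s\\n'"

# Constructed menu title carrying a harmless backtick expression.
SAMPLE_TITLE = "Reboot `echo INJECTED`"


def _sh(cmd):
    """Run a command string through /bin/sh and return its stdout."""
    return subprocess.run(["/bin/sh", "-c", cmd],
                          capture_output=True, text=True).stdout


def run_double_quoted(title):
    """Weak pattern: the title is wrapped in double quotes inside a shell
    string. Double quotes do not stop backtick or $() evaluation."""
    return _sh(f'{BACKEND} "{title}"')


def run_shell_quoted(title):
    """Hardened: shlex.quote() single-quotes the title, so the shell treats
    backticks, $ and embedded quotes as literal text."""
    return _sh(f"{BACKEND} {shlex.quote(title)}")


def run_argv(title):
    """Hardened: no shell at all. The title is one argv element and is
    never parsed as shell syntax."""
    return subprocess.run(["printf", "%s\n", title],
                          capture_output=True, text=True).stdout


def was_expanded(title, runner):
    """True when the backend received something other than the raw title."""
    return runner(title) != title + "\n"


if __name__ == "__main__":
    for fn in (run_double_quoted, run_shell_quoted, run_argv):
        print(f"{fn.__name__:18} expanded={was_expanded(SAMPLE_TITLE, fn)}")
```
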

See also :

Solution :

Update the affected package.

Risk factor :


Family: FreeBSD Local Security Checks

Nessus Plugin ID: 86334

Bugtraq ID:

CVE ID: CVE-2008-7315
