FreeBSD : snmptt -- malicious shell code (b8ea5b66-deff-11ea-adef-641c67a117d8)

high Nessus Plugin ID 139642

Language:

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Snmptt reports :

Fixed a security issue with EXEC / PREXEC / unknown_trap_exec that could allow malicious shell code to be executed.

Fixed a bug with EXEC / PREXEC / unknown_trap_exec that caused commands to be run as root instead of the user defined in daemon_uid.

Solution

Update the affected package.

See Also

http://snmptt.sourceforge.net/changelog.shtml

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248162

http://www.nessus.org/u?7c50d8ae

Plugin Details

Severity: High

ID: 139642

File Name: freebsd_pkg_b8ea5b66deff11eaadef641c67a117d8.nasl

Version: 1.1

Type: local

Published: 8/18/2020

Updated: 8/18/2020

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:snmptt, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 8/15/2020

Vulnerability Publication Date: 7/23/2020