FreeBSD: sudo -- arbitrary command execution (1b725079-9ef6-11da-b410-000e0c2e438a)
Severity: Medium. Nessus Plugin ID 21392

Synopsis: The remote FreeBSD host is missing a security-related update.

Description: Tavis Ormandy reports:
The bash shell uses the value of the PS4 environment variable (after expansion) as a prefix for commands run in execution trace mode.
Execution trace mode (xtrace) is normally set via bash's -x command line option or interactively by running 'set -o xtrace'. However, it may also be enabled by placing the string 'xtrace' in the SHELLOPTS environment variable before bash is started.
A malicious user with sudo access to a shell script that uses bash can use this feature to run arbitrary commands for each line of the script.
Solution: Update the affected package.
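The report above describes the condition a defender wants to rule out: a caller's SHELLOPTS and PS4 surviving into a bash script that sudo runs as root. The following POSIX sh function, added here as an example and not part of the advisory or of the sudo project, audits sudoers text for that condition: it fails when `env_reset` is explicitly disabled or when `env_keep` is used to preserve either variable. The `env_reset` and `env_keep` keywords are real sudoers `Defaults` options; the sudoers fragments, the user name and the script path are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed sudoers fragments (not taken from the advisory).
# The weak policy passes the caller's environment through unchanged;
# the hardened one resets it and explicitly drops the two variables
# the advisory names.
WEAK_SUDOERS='Defaults !env_reset
alice ALL=(root) /usr/local/bin/backup.sh'

HARDENED_SUDOERS='Defaults env_reset
Defaults env_keep -= "SHELLOPTS PS4 BASH_ENV ENV"
alice ALL=(root) /usr/local/bin/backup.sh'

# audit_sudoers POLICY_TEXT
# Returns 0 when the policy keeps the caller's SHELLOPTS and PS4 away
# from commands run through sudo, 1 otherwise. Only uncommented
# "Defaults" lines are considered.
audit_sudoers() {
    policy=$1
    status=0

    # 1. env_reset explicitly turned off: every caller variable,
    #    SHELLOPTS and PS4 included, reaches the command.
    if printf '%s\n' "$policy" \
        | grep -Eq '^[[:space:]]*Defaults[^#]*!env_reset'; then
        echo "FAIL: env_reset is disabled; SHELLOPTS and PS4 pass through"
        status=1
    fi

    # 2. env_keep = / env_keep += listing either variable re-adds it
    #    even when env_reset is on. The "-=" form removes variables
    #    and is intentionally not matched.
    if printf '%s\n' "$policy" \
        | grep -Eq '^[[:space:]]*Defaults[^#]*env_keep[[:space:]]*\+?=[^#]*(SHELLOPTS|PS4)'; then
        echo "FAIL: env_keep preserves SHELLOPTS or PS4"
        status=1
    fi

    [ "$status" -eq 0 ] && echo "OK: SHELLOPTS and PS4 are not passed to sudo commands"
    return "$status"
}

# Demonstration on the constructed policies.
audit_sudoers "$WEAK_SUDOERS" || true
audit_sudoers "$HARDENED_SUDOERS"
```

In practice the policy text would come from `visudo -c` output or the sudoers files themselves; the function only encodes the two conditions visible in the advisory and does not replace a full sudoers parser.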