FreeBSD : sudo -- privilege escalation with bash scripts (bdd1537b-354c-11d9-a9e7-0001020eed82)

High Nessus Plugin ID 36239


The remote FreeBSD host is missing a security-related update.


A Sudo Security Alerts reports :

A flaw in exists in sudo's environment sanitizing prior to sudo version 1.6.8p2 that could allow a malicious user with permission to run a shell script that utilized the bash shell to run arbitrary commands.


Update the affected package.

See Also

Plugin Details

Severity: High

ID: 36239

File Name: freebsd_pkg_bdd1537b354c11d9a9e70001020eed82.nasl

Version: $Revision: 1.8 $

Type: local

Published: 2009/04/23

Modified: 2013/06/22

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:sudo, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2004/11/13

Vulnerability Publication Date: 2004/11/11