FreeBSD : sudo -- Secure path vulnerability (d42e5b66-6ea0-11df-9c8d-00e0815b8da8)
Medium Nessus Plugin ID 46792
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionTodd Miller reports :
Most versions of the C library function getenv() return the first instance of an environment variable to the caller. However, some programs, notably the GNU Bourne Again SHell (bash), do their own environment parsing and may choose the last instance of a variable rather than the first one.
An attacker may manipulate the environment of the process that executes Sudo such that a second PATH variable is present. When Sudo runs a bash script, it is this second PATH variable that is used by bash, regardless of whether or not Sudo has overwritten the first instance of PATH. This may allow an attacker to subvert the program being run under Sudo and execute commands he/she would not otherwise be allowed to run.
SolutionUpdate the affected package.