FreeBSD : sudo -- Secure path vulnerability (d42e5b66-6ea0-11df-9c8d-00e0815b8da8)

Medium Nessus Plugin ID 46792


The remote FreeBSD host is missing a security-related update.


Todd Miller reports :

Most versions of the C library function getenv() return the first instance of an environment variable to the caller. However, some programs, notably the GNU Bourne Again SHell (bash), do their own environment parsing and may choose the last instance of a variable rather than the first one.

An attacker may manipulate the environment of the process that executes Sudo such that a second PATH variable is present. When Sudo runs a bash script, it is this second PATH variable that is used by bash, regardless of whether or not Sudo has overwritten the first instance of PATH. This may allow an attacker to subvert the program being run under Sudo and execute commands he/she would not otherwise be allowed to run.


Update the affected package.

See Also

Plugin Details

Severity: Medium

ID: 46792

File Name: freebsd_pkg_d42e5b666ea011df9c8d00e0815b8da8.nasl

Version: $Revision: 1.6 $

Type: local

Published: 2010/06/03

Modified: 2013/06/22

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.2

Vector: CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:sudo, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2010/06/02

Vulnerability Publication Date: 2010/06/02

Reference Information

CVE: CVE-2010-1646