FreeBSD : sudo -- format string vulnerability (7c920bb7-4b5f-11e1-9f47-00e0815b8da8)
High Nessus Plugin ID 57739
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionTodd Miller reports :
Sudo 1.8.0 introduced simple debugging support that was primarily intended for use when developing policy or I/O logging plugins. The sudo_debug() function contains a flaw where the program name is used as part of the format string passed to the fprintf() function. The program name can be controlled by the caller, either via a symbolic link or, on some systems, by setting argv when executing sudo.
Using standard format string vulnerability exploitation techniques it is possible to leverage this bug to achieve root privileges.
Exploitation of the bug does not require that the attacker be listed in the sudoers file. As such, we strongly suggest that affected sites upgrade from affected sudo versions as soon as possible.
SolutionUpdate the affected package.