FreeBSD : weechat -- Arbitrary shell command execution via scripts (81826d12-317a-11e2-9186-406186f3d89d)

High Nessus Plugin ID 62958


The remote FreeBSD host is missing one or more security-related updates.


Sebastien Helleu reports :

Untrusted command for function hook_process could lead to execution of commands, because of shell expansions.

Workaround with a non-patched version: remove/unload all scripts calling function hook_process (for maximum safety).


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 62958

File Name: freebsd_pkg_81826d12317a11e29186406186f3d89d.nasl

Version: $Revision: 1.2 $

Type: local

Published: 2012/11/19

Modified: 2013/06/22

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:weechat, p-cpe:/a:freebsd:freebsd:weechat-devel, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2012/11/18

Vulnerability Publication Date: 2012/11/15