FreeBSD : FreeBSD -- shell injection vulnerability in patch(1) (0c6759dd-600a-11e6-a6c3-14dae9d210b8)
High Nessus Plugin ID 92890
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionDue to insufficient sanitization of the input patch stream, it is possible for a patch file to cause patch(1) to run commands in addition to the desired SCCS or RCS commands. Impact : This issue could be exploited to execute arbitrary commands as the user invoking patch(1) against a specially crafted patch file, which could be leveraged to obtain elevated privileges.
SolutionUpdate the affected package.