Test ID:	1.3.6.1.4.1.25623.1.0.66354
Category:	FreeBSD Local Security Checks
Title:	FreeBSD Security Advisory (FreeBSD-SA-09:16.rtld.asc)
Summary:	The remote host is missing an update to the system; as announced in the referenced advisory FreeBSD-SA-09:16.rtld.asc
Description:	Summary: The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-09:16.rtld.asc Vulnerability Insight: The run-time link-editor, rtld, links dynamic executable with their needed libraries at run-time. It also allows users to explicitly load libraries via various LD_ environmental variables. When running setuid programs rtld will normally remove potentially dangerous environment variables. Due to recent changes in FreeBSD environment variable handling code, a corrupt environment may result in attempts to unset environment variables failing. Solution: Upgrade your system to the appropriate stable release or security branch dated after the correction date. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4146 BugTraq ID: 37154 http://www.securityfocus.com/bid/37154 Bugtraq: 20091130 ** FreeBSD local r00t zeroday (Google Search) http://www.securityfocus.com/archive/1/508142/100/0/threaded Bugtraq: 20091201 Re: ** FreeBSD local r00t zeroday (Google Search) http://www.securityfocus.com/archive/1/508168/100/0/threaded Bugtraq: 20091201 Upcoming FreeBSD Security Advisory (Google Search) http://www.securityfocus.com/archive/1/508146/100/0/threaded http://packetstormsecurity.com/files/152997/FreeBSD-rtld-execl-Privilege-Escalation.html http://www.securitytracker.com/id?1023250 http://secunia.com/advisories/37517
Copyright	Copyright (C) 2009 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.