FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

bmon -- unsafe set-user-ID application

Affected packages
bmon < 1.2.1_2

Details

VuXML ID 938f357c-16dd-11d9-bc4a-000c41e2cdad
Discovery 2004-05-29
Entry 2004-10-05

Jon Nistor reported that the FreeBSD port of bmon was installed set-user-ID root, and executes commands using relative paths. This could allow local user to easily obtain root privileges.

References

FreeBSD PR ports/67340