FreeBSD : FreeBSD -- Inappropriate directory permissions in freebsd-update(8) (6e87b696-ca3e-11df-aade-0050568f000c)

high Nessus Plugin ID 50332

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

When downloading updates to FreeBSD via 'freebsd-update fetch' or 'freebsd-update upgrade', the freebsd-update(8) utility copies currently installed files into its working directory (/var/db/freebsd-update by default) both for the purpose of merging changes to configuration files and in order to be able to roll back installed updates.

The default working directory used by freebsd-update(8) is normally created during the installation of FreeBSD with permissions which allow all local users to see its contents, and freebsd-update(8) does not take any steps to restrict access to files stored in said directory.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?c9239730

Plugin Details

Severity: High

ID: 50332

File Name: freebsd_pkg_6e87b696ca3e11dfaade0050568f000c.nasl

Version: 1.11

Type: local

Published: 10/26/2010

Updated: 1/6/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:freebsd, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Settings/ParanoidReport, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 10/24/2010

Vulnerability Publication Date: 12/3/2009

Reference Information

FreeBSD: SA-09:17.freebsd-update