FreeBSD : newsgrab -- directory traversal vulnerability (35f6093c-73c3-11d9-8a93-00065be4b5b6)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The newsgrab script creates files by passing the names provided in the
newsgroup messages to a Perl open() call. This is done without
performing any security checks to prevent a directory traversal. A
specially crafted newsgroup message could cause newsgrab to drop an
attachment anywhere on the file system using the permissions of the
user running the script.
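
The missing check can be illustrated with the following added example, which is not newsgrab's code and not the fix its maintainers shipped. It reduces a message-supplied name to a single path component before creating the file; the function names safe_component and open_attachment and the sample names are hypothetical.

```perl
#!/usr/bin/perl
# Added example: confine message-supplied attachment names to one directory.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Spec;
use File::Temp qw(tempdir);

# Reduce an untrusted name to one safe path component (hypothetical helper).
# Returns undef when nothing usable is left.
sub safe_component {
    my ($name) = @_;
    return undef unless defined $name;
    $name =~ s{\A.*[/\\]}{}s;          # drop everything up to the last / or \
    $name =~ s/[^A-Za-z0-9._-]/_/g;    # allow-list; also removes NUL and newlines
    $name =~ s/\A\.+//;                # no ".", ".." or hidden dotfiles
    return length($name) ? $name : undef;
}

# Create the attachment inside $dir only (hypothetical helper).
# sysopen takes the mode separately from the name, and O_EXCL refuses to
# overwrite an existing file or follow a symlink at the final component.
sub open_attachment {
    my ($dir, $untrusted) = @_;
    my $base = safe_component($untrusted);
    die "rejected attachment name\n" unless defined $base;
    my $path = File::Spec->catfile($dir, $base);
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600)
        or die "cannot create $path: $!\n";
    return ($fh, $path);
}

# Constructed sample names, standing in for names taken from messages.
my $dir = tempdir(CLEANUP => 1);
for my $name ('report.pdf', '../../.profile', '/etc/cron.d/job',
              '..\\..\\x.bat', '../') {
    my $path = eval { (open_attachment($dir, $name))[1] };
    printf "%-18s -> %s\n", $name, defined $path ? $path : 'rejected';
}
```

Every accepted name resolves to a file directly under the download directory, and a name that is empty after stripping is rejected rather than written.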

See also :

http://people.freebsd.org/~niels/issues/newsgrab-20050114.txt
http://sourceforge.net/project/shownotes.php?release_id=300562
http://www.nessus.org/u?64cf7b79

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 18899 (freebsd_pkg_35f6093c73c311d98a9300065be4b5b6.nasl)

Bugtraq ID:

CVE ID: CVE-2005-0153
