FreeBSD : a2ps -- insecure temporary file creation (9168253c-5a6d-11d9-a9e7-0001020eed82)

This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

A Secunia Security Advisory reports that Javier Fernandez-Sanguino
Pena has found temporary file creation vulnerabilities in the fixps
and psmandup scripts which are part of a2ps. These vulnerabilities
could lead to an attacker overwriting arbitrary files with the
credentials of the user running the vulnerable scripts.

See also :

http://www.nessus.org/u?0bd09e6b

Solution :

Update the affected packages.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 1.8
(CVSS2#E:H/RL:OF/RC:ND)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 19030 (freebsd_pkg_9168253c5a6d11d9a9e70001020eed82.nasl)

Bugtraq ID: 12108
12109

CVE ID: CVE-2004-1377

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now