FreeBSD : newsgrab -- insecure file and directory creation (cd7e260a-6bff-11d9-a5df-00065be4b5b6)

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The newsgrab script uses insecure permissions during the creation of
the local output directory and downloaded files.

After a file is created, permissions on it are set using the mode
value of the newsgroup posting. This can be a problem when the mode
is not restrictive enough. In addition, the output directory is
created with world-writable permissions, allowing other users to
drop symlinks or other files at that location.
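
The two weaknesses described above, shown from the fixing side as an added example. It is written in Python for illustration and is not newsgrab's code or part of this plugin; the function names and the 0644 mask are assumptions.

```python
import os
import stat

# Assumption: downloaded files never need exec, setuid/setgid/sticky,
# or group/other write bits, whatever mode the posting declares.
SAFE_FILE_MASK = 0o644

def sanitize_mode(posted_mode: int) -> int:
    """Clamp the untrusted mode from a posting; owner always keeps rw."""
    return (posted_mode & SAFE_FILE_MASK) | 0o600

def make_output_dir(path: str) -> None:
    """Create an owner-only directory, or reject an unsafe existing one."""
    try:
        os.mkdir(path, 0o700)          # not 0777: no other user may write here
    except FileExistsError:
        pass
    st = os.lstat(path)                # lstat: a planted symlink is not a dir
    if not stat.S_ISDIR(st.st_mode):
        raise PermissionError(f"{path}: not a directory")
    if st.st_uid != os.geteuid():
        raise PermissionError(f"{path}: owned by another user")
    if st.st_mode & 0o022:
        raise PermissionError(f"{path}: group- or world-writable")

def save_download(outdir: str, name: str, data: bytes, posted_mode: int) -> str:
    """Write one decoded attachment without following pre-planted links."""
    # basename keeps the write inside outdir.
    target = os.path.join(outdir, os.path.basename(name))
    # O_EXCL fails if anything (including a symlink) already has this name.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(target, flags, 0o600)
    with os.fdopen(fd, "wb") as fh:
        os.fchmod(fh.fileno(), sanitize_mode(posted_mode))
        fh.write(data)
    return target
```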

See also :

http://people.freebsd.org/~niels/issues/newsgrab-20050114.txt
http://sourceforge.net/project/shownotes.php?release_id=300562
http://www.nessus.org/u?11dccf36

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 19126 (freebsd_pkg_cd7e260a6bff11d9a5df00065be4b5b6.nasl)

Bugtraq ID:

CVE ID: CVE-2005-0154
