FreeBSD : heartbeat -- insecure temporary file creation vulnerability (f6447303-9ec9-11da-b410-000e0c2e438a)

This script is Copyright (C) 2006-2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Eric Romang reports a temporary file creation vulnerability within
heartbeat. The vulnerability is caused by hard-coded temporary file
usage. This can cause an attacker to create an arbitrary symlink
causing the application to overwrite the symlinked file with the
permissions of the user executing the application.

See also :

http://www.zataz.net/adviso/heartbeat-06272005.txt
http://www.nessus.org/u?0c7cc0a9

Solution :

Update the affected package.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 21538 (freebsd_pkg_f64473039ec911dab410000e0c2e438a.nasl)

Bugtraq ID:

CVE ID: CVE-2005-2231

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now