This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
A temporary file is created, used, deleted, and then re-created with
the same name. This creates a window during which an attacker could
replace the file with a link to another file. While cvsbug(1) is based
on the send-pr(1) utility, this problem does not exist in the version
of send-pr(1) distributed with FreeBSD. In FreeBSD 4.10 and 5.3, some
additional problems exist concerning temporary file usage in both
cvsbug(1) and send-pr(1).
A local attacker could cause data to be written to any file to which
the user running cvsbug(1) (or send-pr(1) in FreeBSD 4.10 and 5.3) has
write access. This may cause damage in itself (e.g., by destroying
important system files or documents) or may be used to obtain elevated
Do not use the cvsbug(1) utility on any system with untrusted users.
Do not use the send-pr(1) utility on a FreeBSD 4.10 or 5.3 system with
See also :
Update the affected package.
Risk factor :
Medium / CVSS Base Score : 4.6