FreeBSD : cvsbug -- race condition (c5c17ead-8f23-11da-8c1d-000e0c2e438a)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Problem description

A temporary file is created, used, deleted, and then re-created with
the same name. This creates a window during which an attacker could
replace the file with a link to another file. While cvsbug(1) is based
on the send-pr(1) utility, this problem does not exist in the version
of send-pr(1) distributed with FreeBSD. In FreeBSD 4.10 and 5.3, some
additional problems exist concerning temporary file usage in both
cvsbug(1) and send-pr(1).

Impact

A local attacker could cause data to be written to any file to which
the user running cvsbug(1) (or send-pr(1) in FreeBSD 4.10 and 5.3) has
write access. This may cause damage in itself (e.g., by destroying
important system files or documents) or may be used to obtain elevated
privileges.

Workaround

Do not use the cvsbug(1) utility on any system with untrusted users.
Do not use the send-pr(1) utility on a FreeBSD 4.10 or 5.3 system with
untrusted users.

See also :

http://www.nessus.org/u?bf5e8d42

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 23666 (freebsd_pkg_c5c17ead8f2311da8c1d000e0c2e438a.nasl)

Bugtraq ID:

CVE ID: CVE-2005-2693

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now