FreeBSD : ikiwiki -- improper symlink verification vulnerability (31d9fbb4-9d09-11dc-a29d-0016d325a0ed)

This script is Copyright (C) 2007-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The ikiwiki development team reports :

Ikiwiki did not check if the path to the srcdir contained a symlink. If
an attacker had commit access to the directories in the path, they
could change it to a symlink, causing ikiwiki to read and publish
files that were not intended to be published. (But not write to them
due to other checks.)

See also :

http://ikiwiki.info/security/#index29h2
http://www.nessus.org/u?930f8780

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 28349 (freebsd_pkg_31d9fbb49d0911dca29d0016d325a0ed.nasl)

Bugtraq ID:

CVE ID:
