FreeBSD : postfix-policyd-weight -- working directory symlink vulnerability (072a53e0-0397-11dd-bd06-0017319806e7)

This script is Copyright (C) 2008-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

postfix-policyd-weight does not check whether its working directory
is a symlink. If the working directory has not already been set up by
the superuser, an unprivileged user can link it to another directory
in the system. This results in ownership/permission changes on the
target directory.

See also :

http://article.gmane.org/gmane.mail.postfix.policyd-weight/815
http://article.gmane.org/gmane.mail.postfix.policyd-weight/823
http://www.nessus.org/u?baf18c02

Solution :

Update the affected package.

Risk factor :

Low / CVSS Base Score : 3.3
(CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P)
CVSS Temporal Score : 2.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 31830 (freebsd_pkg_072a53e0039711ddbd060017319806e7.nasl)

Bugtraq ID: 28480

CVE ID: CVE-2008-1569
