FreeBSD : swfdec -- exposure of sensitive information (5ef12755-1c6c-11dd-851d-0016d325a0ed)

This script is Copyright (C) 2008-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Secunia reports :

A vulnerability has been reported in swfdec, which can be exploited by
malicious people to disclose sensitive information.

The vulnerability is caused due to swfdec not properly restricting
untrusted sandboxes from reading local files, which can be exploited
to disclose the content of arbitrary local files by e.g. tricking a
user into visiting a malicious website.

See also :

http://www.nessus.org/u?29d5b8af

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 32145 (freebsd_pkg_5ef127551c6c11dd851d0016d325a0ed.nasl)

Bugtraq ID:

CVE ID: CVE-2008-1834

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now