FreeBSD : pdfjam -- insecure temporary files (a02c9595-e018-11dd-a765-0030843d3802)

This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Secunia reports :

Some security issues have been reported in PDFjam, which can be
exploited by malicious, local users to perform certain actions with
escalated privileges.

The security issues are caused due to the 'pdf90', 'pdfjoin', and
'pdfnup' scripts using temporary files in an insecure manner. This can
be exploited to overwrite arbitrary files via symlink attacks.

See also :

https://bugzilla.novell.com/show_bug.cgi?id=459031
http://www.nessus.org/u?f71c88e8

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 35340 (freebsd_pkg_a02c9595e01811dda7650030843d3802.nasl)

Bugtraq ID:

CVE ID: CVE-2008-5743

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now