Detections
Analytics

FreeBSD : imwheel -- insecure handling of PID file (e31d44a2-21e3-11d9-9289-000c41e2cdad)

high Nessus Plugin ID 36265

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

A Computer Academic Underground advisory describes the consequences of imwheel's handling of the process ID file (PID file) :

imwheel exclusively uses a predictably named PID file for management of multiple imwheel processes. A race condition exists when the -k command-line option is used to kill existing imwheel processes. This race condition may be used by a local user to Denial of Service another user using imwheel, lead to resource exhaustion of the host system, or append data to arbitrary files.

Solution

Update the affected package.

See Also

http://www.caughq.org/advisories/CAU-2004-0002.txt

http://imwheel.sourceforge.net/files/DEVELOPMENT.txt

http://www.nessus.org/u?ee9dee73

Plugin Details

Severity: High

ID: 36265

File Name: freebsd_pkg_e31d44a221e311d99289000c41e2cdad.nasl

Version: 1.11

Type: local

Published: 4/23/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:imwheel, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 10/19/2004

Vulnerability Publication Date: 8/20/2004