FreeBSD : imwheel -- insecure handling of PID file (e31d44a2-21e3-11d9-9289-000c41e2cdad)

This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

A Computer Academic Underground advisory describes the consequences of
imwheel's handling of the process ID file (PID file) :

imwheel exclusively uses a predictably named PID file for management
of multiple imwheel processes. A race condition exists when the -k
command-line option is used to kill existing imwheel processes. This
race condition may be used by a local user to cause a denial of
service against another user using imwheel, to exhaust resources of
the host system, or to append data to arbitrary files.

See also :

http://www.caughq.org/advisories/CAU-2004-0002.txt
http://imwheel.sourceforge.net/files/DEVELOPMENT.txt
http://www.nessus.org/u?361ced1b

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 36265 (freebsd_pkg_e31d44a221e311d99289000c41e2cdad.nasl)

Bugtraq ID:

CVE ID:
