FreeBSD : imwheel -- insecure handling of PID file (e31d44a2-21e3-11d9-9289-000c41e2cdad)

This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

A Computer Academic Underground advisory describes the consequences of
imwheel's handling of the process ID file (PID file) :

imwheel exclusively uses a predictably named PID file for management
of multiple imwheel processes. A race condition exists when the -k
command-line option is used to kill existing imwheel processes. This
race condition may be used by a local user to Denial of Service
another user using imwheel, lead to resource exhaustion of the host
system, or append data to arbitrary files.

See also :

Solution :

Update the affected package.

Risk factor :


Family: FreeBSD Local Security Checks

Nessus Plugin ID: 36265 (freebsd_pkg_e31d44a221e311d99289000c41e2cdad.nasl)

Bugtraq ID:


Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now