Detections
Analytics

FreeBSD : ikiwiki -- tty hijacking via ikiwiki-mass-rebuild (3145faf1-974c-11e0-869e-000c29249b2e)

high Nessus Plugin ID 55157

Language:

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

The IkiWiki development team reports :

Ludwig Nussel discovered a way for users to hijack root's tty when ikiwiki-mass-rebuild was run. Additionally, there was some potential for information disclosure via symlinks.

Solution

Update the affected package.

See Also

http://ikiwiki.info/security/#index40h2

http://www.nessus.org/u?153bade5

Plugin Details

Severity: High

ID: 55157

File Name: freebsd_pkg_3145faf1974c11e0869e000c29249b2e.nasl

Version: 1.7

Type: local

Published: 6/16/2011

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:ikiwiki, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 6/15/2011

Vulnerability Publication Date: 6/8/2011

Reference Information

CVE: CVE-2011-1408