FreeBSD : kdeutils4 -- Directory traversal vulnerability (7fb9e739-0e6d-11e1-87cd-00235a5f2c9a)

This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Tim Brown from Nth Dimension reports :

I recently discovered that the Ark archiving tool is vulnerable to
directory traversal via malformed. When attempts are made to view
files within the malformed Zip file in Ark's default view, the wrong
file may be displayed due to incorrect construction of the temporary
file name. Whilst this does not allow the wrong file to be
overwritten, after closing the default view, Ark will then attempt to
delete the temporary file which could result in the deletion of the
incorrect file.
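
The class of flaw described above, as an added example that is not part of the advisory or of Ark's own code: a temporary path built directly from an archive entry name, beside a containment check that rejects names resolving outside the preview directory. All function names are hypothetical, the sample Zip is constructed in memory, and the naive pattern is an assumption about how such a path might be built.

```python
import io
import os
import zipfile

def build_sample_zip(names):
    """Constructed sample: an in-memory Zip whose entries carry the given names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"sample")
    return buf.getvalue()

def naive_preview_path(tmp_dir, entry_name):
    """Flawed pattern (assumed): trust the entry name when building the temp path."""
    return os.path.normpath(os.path.join(tmp_dir, entry_name))

def is_inside(base_dir, path):
    """True only if path resolves to a location strictly under base_dir."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(path)
    return os.path.commonpath([base, target]) == base and target != base

def safe_preview_path(tmp_dir, entry_name):
    """Hardened pattern: build the path, then refuse anything outside tmp_dir."""
    candidate = os.path.join(tmp_dir, entry_name)
    if not is_inside(tmp_dir, candidate):
        raise ValueError("entry escapes preview directory: %r" % entry_name)
    return os.path.realpath(candidate)

def audit_archive(zip_bytes, tmp_dir):
    """Return entry names whose naive temp path would land outside tmp_dir."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [n for n in zf.namelist()
                if not is_inside(tmp_dir, naive_preview_path(tmp_dir, n))]
```

Any later cleanup step should delete only a path that passed the same containment check, since the advisory's impact comes from the delete that follows the preview.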

See also :

http://seclists.org/fulldisclosure/2011/Oct/351
http://www.nessus.org/u?4110ab8a

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 56806

CVE ID: CVE-2011-2725
