FreeBSD : security/ossec-hids-* -- root escalation via temp files (36858e78-3963-11e4-ad84-000c29f6ae42)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

OSSEC reports :

This correction will create the temp file for the hosts deny file in
/var/ossec and will use mktemp where available to create
NON-predictable temp file name. In cases where mktemp is not available
we have written a BAD version of mktemp, but should be a little better
than just process id.
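
The shell sketch below is an added example, not OSSEC's code and not part of the advisory. It contrasts a PID-only temp name with mktemp and with an exclusive-create fallback for hosts that lack mktemp. The function names, the FORCE_FALLBACK switch and the hosts.deny prefix are assumptions made for illustration; the PID-suffixed weak form is inferred from the quote's "just process id" remark.

```shell
#!/bin/sh
# Added example, not OSSEC's code. Names and paths are constructed for the demo.

# Weak pattern for contrast: the name depends only on the PID, so another
# local user can predict it and pre-create the path in a shared directory.
weak_tmp_name() { printf '%s\n' "$1/$2.$$"; }

# create_excl PATH: create PATH only if nothing usable exists there yet.
# With noclobber (set -C) the shell refuses '>' onto an existing regular
# file (also when reached through a symlink) and creates a missing path
# with O_EXCL, which fails on a dangling symlink instead of following it.
create_excl() (
    umask 077
    set -C
    { true > "$1"; } 2>/dev/null
)

# make_tmp DIR PREFIX: print the path of a new private temp file in DIR.
# FORCE_FALLBACK=1 (hypothetical switch) exercises the no-mktemp branch.
make_tmp() {
    if [ "${FORCE_FALLBACK:-0}" != 1 ] && command -v mktemp >/dev/null 2>&1; then
        mktemp "$1/$2.XXXXXXXXXX"   # random suffix, exclusive create, mode 0600
        return
    fi
    tries=0
    while [ "$tries" -lt 20 ]; do
        # 8 random bytes as hex; retry with a new name on any collision
        rnd=$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')
        if create_excl "$1/$2.$rnd"; then
            printf '%s\n' "$1/$2.$rnd"
            return 0
        fi
        tries=$((tries + 1))
    done
    return 1
}
```

DIR should be a directory only the service account can write to (the quote names /var/ossec), so that the exclusive create is a second line of defence and not the only one.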

See also :

http://www.ossec.net/?p=1135
http://www.nessus.org/u?228ae21a

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 77638

Bugtraq ID:

CVE ID: CVE-2014-5284
