This script is Copyright (C) 2015 Tenable Network Security, Inc.
The remote Solaris system is missing a security patch for third-party
The remote Solaris system is missing necessary patches to address
security updates :
- FileSystemBytecodeCache in Jinja2 2.7.2 does not
properly create temporary directories, which allows
local users to gain privileges by pre-creating a
temporary directory with a user's uid. NOTE: this
vulnerability exists because of an incomplete fix for
- The default configuration for
bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2
does not properly create temporary files, which allows
local users to gain privileges via a crafted .cache file
with a name starting with __jinja2_ in /tmp.
See also :
Upgrade to Solaris 22.214.171.124.0.
Risk factor :
Medium / CVSS Base Score : 4.4