FreeBSD : cabextract -- directory traversal with UTF-8 symbols in filenames (cfb12f02-06e1-11e5-8fda-002590263bf5)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Cabextract ChangeLog reports :

It was possible for cabinet files to extract to absolute file
locations, and it was possible on Cygwin to get around cabextract's
absolute and relative path protections by using backslashes.

See also :

http://www.cabextract.org.uk/#changes
http://www.openwall.com/lists/oss-security/2015/02/18/3
http://www.nessus.org/u?f23717d3

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 83943

Bugtraq ID:

CVE ID: CVE-2015-2060
