FreeBSD : hive -- authorization logic vulnerability (a5c204b5-4153-11e6-8dfe-002590263bf5)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Sushanth Sowmyan reports :

Some partition-level operations exist that do not explicitly also
authorize privileges of the parent table. This can lead to issues when
the parent table would have denied the operation, but no denial occurs
because the partition-level privilege is not checked by the
authorization framework, which defines authorization entities only
from the table level upwards.

See also :

http://www.nessus.org/u?221846aa
http://www.nessus.org/u?30e8dcf2

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 91932 ()

Bugtraq ID:

CVE ID: CVE-2015-7521

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now