FreeBSD : FreeBSD -- Multiple portsnap vulnerabilities (e7dcd69d-8ee6-11e6-a590-14dae9d210b8)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Flaws in portsnap's verification of downloaded tar files allows
additional files to be included without causing the verification to
fail. Portsnap may then use or execute these files. Impact : An
attacker who can conduct man in the middle attack on the network at
the time when portsnap is run can cause portsnap to execute arbitrary
commands under the credentials of the user who runs portsnap,
typically root.

See also :

http://www.nessus.org/u?b7df15de

Solution :

Update the affected packages.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 93944 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now