FreeBSD : newsgrab -- insecure file and directory creation (cd7e260a-6bff-11d9-a5df-00065be4b5b6)
High Nessus Plugin ID 19126
The remote FreeBSD host is missing a security-related update.
The newsgrab script uses insecure permissions during the creation of the local output directory and downloaded files. After a file is created, permissions on it are set using the mode value of the newsgroup posting. This can potentially be a problem when the mode is not restrictive enough. In addition, the output directory is created with world-writable permissions allowing other users to drop symlinks or other files at that location.