FreeBSD : cvsbug -- race condition (c5c17ead-8f23-11da-8c1d-000e0c2e438a)

Medium Nessus Plugin ID 23666


The remote FreeBSD host is missing a security-related update.


Problem description

A temporary file is created, used, deleted, and then re-created with the same name. This creates a window during which an attacker could replace the file with a link to another file. While cvsbug(1) is based on the send-pr(1) utility, this problem does not exist in the version of send-pr(1) distributed with FreeBSD. In FreeBSD 4.10 and 5.3, some additional problems exist concerning temporary file usage in both cvsbug(1) and send-pr(1).


A local attacker could cause data to be written to any file to which the user running cvsbug(1) (or send-pr(1) in FreeBSD 4.10 and 5.3) has write access. This may cause damage in itself (e.g., by destroying important system files or documents) or may be used to obtain elevated privileges.


Do not use the cvsbug(1) utility on any system with untrusted users.
Do not use the send-pr(1) utility on a FreeBSD 4.10 or 5.3 system with untrusted users.


Update the affected package.

See Also

Plugin Details

Severity: Medium

ID: 23666

File Name: freebsd_pkg_c5c17ead8f2311da8c1d000e0c2e438a.nasl

Version: $Revision: 1.10 $

Type: local

Published: 2006/11/20

Modified: 2013/06/22

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:cvs+ipv6, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2006/01/27

Vulnerability Publication Date: 2005/09/07

Reference Information

CVE: CVE-2005-2693

OSVDB: 18949

FreeBSD: SA-05:20.cvsbug