FreeBSD : cvsbug -- race condition (c5c17ead-8f23-11da-8c1d-000e0c2e438a)

medium Nessus Plugin ID 23666

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Problem description

A temporary file is created, used, deleted, and then re-created with the same name. This creates a window during which an attacker could replace the file with a link to another file. While cvsbug(1) is based on the send-pr(1) utility, this problem does not exist in the version of send-pr(1) distributed with FreeBSD. In FreeBSD 4.10 and 5.3, some additional problems exist concerning temporary file usage in both cvsbug(1) and send-pr(1).
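The delete-then-re-create window described above, as an added shell illustration (not code from cvsbug(1), send-pr(1) or the plugin): a plain `>` re-create follows a link that has appeared at the name, while a noclobber create inside a private directory refuses it. The function names, file names and the constructed scenario are assumptions.

```shell
#!/bin/sh
# Added illustration. All names here are hypothetical, not taken from cvsbug(1).

# mktemp -d creates a mode-0700 directory, so other local users cannot
# place links under the file names used inside it.
make_private_dir() {
    mktemp -d "${TMPDIR:-/tmp}/report.XXXXXXXX"
}

# Flawed re-create: a plain '>' opens whatever now sits at the path,
# following a symbolic link if one has appeared there.
recreate_unsafe() {   # recreate_unsafe PATH TEXT
    printf '%s\n' "$2" > "$1"
}

# Hardened re-create: under noclobber (set -C) the shell creates a missing
# path with O_EXCL and refuses a name that resolves to an existing regular file.
recreate_safe() {     # recreate_safe PATH TEXT
    ( set -C; printf '%s\n' "$2" > "$1" ) 2>/dev/null
}

# Constructed scenario: the name is used, deleted, and turns into a link to
# another file before it is re-created. Prints that other file's final content.
demo() {              # demo unsafe|safe
    dir=$(make_private_dir) || return 1
    other="$dir/other"; draft="$dir/draft"
    printf 'original\n' > "$other"
    printf 'first use\n' > "$draft"
    rm -f "$draft"
    ln -s "$other" "$draft"   # simulated here; a 0700 directory blocks other users
    case $1 in
        unsafe) recreate_unsafe "$draft" 'report body' ;;
        safe)   recreate_safe "$draft" 'report body' || echo 'refused' >&2 ;;
    esac
    cat "$other"
    rm -rf "$dir"
}

demo unsafe   # prints: report body
demo safe     # prints: original (and "refused" on stderr)
```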

Impact

A local attacker could cause data to be written to any file to which the user running cvsbug(1) (or send-pr(1) in FreeBSD 4.10 and 5.3) has write access. This may cause damage in itself (e.g., by destroying important system files or documents) or may be used to obtain elevated privileges.

Workaround

Do not use the cvsbug(1) utility on any system with untrusted users.
Do not use the send-pr(1) utility on a FreeBSD 4.10 or 5.3 system with untrusted users.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?7a5c8609

Plugin Details

Severity: Medium

ID: 23666

File Name: freebsd_pkg_c5c17ead8f2311da8c1d000e0c2e438a.nasl

Version: 1.14

Type: local

Published: 11/20/2006

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:cvs%2bipv6, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 1/27/2006

Vulnerability Publication Date: 9/7/2005

Reference Information

CVE: CVE-2005-2693

FreeBSD: SA-05:20.cvsbug