FreeBSD : id3lib -- insecure temporary file creation (15ec9123-7061-11dc-b372-001921ab2fa4)
High Nessus Plugin ID 26212
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionDebian Bug report log reports :
When tagging file $foo, a temporary copy of the file is created, and for some reason, libid3 doesn't use mkstemp but just creates $foo.XXXXXX literally, without any checking.
This would silently truncate and overwrite an existing $foo.XXXXXX.
SolutionUpdate the affected package.