FreeBSD : ikiwiki -- improper symlink verification vulnerability (31d9fbb4-9d09-11dc-a29d-0016d325a0ed)
High Nessus Plugin ID 28349
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
The ikiwiki development team reports:
Ikiwiki did not check if the path to the srcdir contained a symlink. If an attacker had commit access to the directories in the path, they could change it to a symlink, causing ikiwiki to read and publish files that were not intended to be published. (But not write to them due to other checks.)
Solution
Update the affected package.