FreeBSD : ikiwiki -- improper symlink verification vulnerability (31d9fbb4-9d09-11dc-a29d-0016d325a0ed)

High Nessus Plugin ID 28349


The remote FreeBSD host is missing a security-related update.


The ikiwiki development team reports:

Ikiwiki did not check if the path to the srcdir contained a symlink. If an attacker had commit access to the directories in the path, they could change it to a symlink, causing ikiwiki to read and publish files that were not intended to be published. (But not write to them due to other checks.)


Update the affected package.

Plugin Details

Severity: High

ID: 28349

File Name: freebsd_pkg_31d9fbb49d0911dca29d0016d325a0ed.nasl

Version: $Revision: 1.9 $

Type: local

Published: 2007/11/29

Modified: 2013/06/21

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:ikiwiki, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2007/11/27

Vulnerability Publication Date: 2007/11/26