FreeBSD : pdfjam -- insecure temporary files (a02c9595-e018-11dd-a765-0030843d3802)

Medium Nessus Plugin ID 35340


The remote FreeBSD host is missing a security-related update.


Secunia reports :

Some security issues have been reported in PDFjam, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

The security issues are caused due to the 'pdf90', 'pdfjoin', and 'pdfnup' scripts using temporary files in an insecure manner. This can be exploited to overwrite arbitrary files via symlink attacks.


Update the affected package.

See Also

Plugin Details

Severity: Medium

ID: 35340

File Name: freebsd_pkg_a02c9595e01811dda7650030843d3802.nasl

Version: $Revision: 1.11 $

Type: local

Published: 2009/01/12

Modified: 2013/06/22

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:pdfjam, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2009/01/11

Vulnerability Publication Date: 2008/12/05

Reference Information

CVE: CVE-2008-5743

Secunia: 33278

CWE: 59