FreeBSD : dia -- remote command execution vulnerability (25eb365c-fd11-11dd-8424-c213de35965d)

Medium Nessus Plugin ID 35701


The remote FreeBSD host is missing a security-related update.


Security Focus reports:

An attacker could exploit this issue by enticing an unsuspecting victim to execute the vulnerable application in a directory containing a malicious Python file. A successful exploit will allow arbitrary Python commands to run within the privileges of the currently logged-in user.


Update the affected package.

Plugin Details

Severity: Medium

ID: 35701

File Name: freebsd_pkg_25eb365cfd1111dd8424c213de35965d.nasl

Version: $Revision: 1.15 $

Type: local

Published: 2009/02/18

Modified: 2016/05/09

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.9

Temporal Score: 6

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:ND

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:dia, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/02/17

Vulnerability Publication Date: 2009/01/26

Exploitable With

Core Impact

Reference Information

CVE: CVE-2008-5984

BID: 33448

Secunia: 33672