FreeBSD : imwheel -- insecure handling of PID file (e31d44a2-21e3-11d9-9289-000c41e2cdad)
High Nessus Plugin ID 36265
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionA Computer Academic Underground advisory describes the consequences of imwheel's handling of the process ID file (PID file) :
imwheel exclusively uses a predictably named PID file for management of multiple imwheel processes. A race condition exists when the -k command-line option is used to kill existing imwheel processes. This race condition may be used by a local user to Denial of Service another user using imwheel, lead to resource exhaustion of the host system, or append data to arbitrary files.
SolutionUpdate the affected package.