FreeBSD : imwheel -- insecure handling of PID file (e31d44a2-21e3-11d9-9289-000c41e2cdad)

High Nessus Plugin ID 36265


The remote FreeBSD host is missing a security-related update.


A Computer Academic Underground advisory describes the consequences of imwheel's handling of the process ID file (PID file) :

imwheel exclusively uses a predictably named PID file for management of multiple imwheel processes. A race condition exists when the -k command-line option is used to kill existing imwheel processes. This race condition may be used by a local user to Denial of Service another user using imwheel, lead to resource exhaustion of the host system, or append data to arbitrary files.


Update the affected package.

See Also

Plugin Details

Severity: High

ID: 36265

File Name: freebsd_pkg_e31d44a221e311d99289000c41e2cdad.nasl

Version: $Revision: 1.8 $

Type: local

Published: 2009/04/23

Modified: 2013/06/22

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:imwheel, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2004/10/19

Vulnerability Publication Date: 2004/08/20